Data Processing Agreement (DPA)

This is a placeholder for the Data Processing Agreement (DPA). This document should be commissioned from a UK-specialised data protection solicitor.

1. Definitions

"Controller", "Processor", "Data Subject", and "Personal Data" shall have the meaning given in the UK GDPR.

2. Processing of Personal Data

Crownlark (the Processor) shall process Personal Data only on documented instructions from the Firm (the Controller), unless required to do so by UK law.

3. Security

The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

4. Sub-processors

The Controller provides a general authorisation for the Processor to engage sub-processors (e.g., cloud hosting providers) to deliver the service, subject to appropriate agreements.