Connect with us
Connect
Schedule demo

Data Processing Agreement

1. Scope and Purpose
This Data Processing Agreement (“DPA”) forms part of the engagement agreement between FinPal Services Inc dba FinStackk and the customer (“Customer”) and sets forth the terms and conditions governing the processing of personal information (“Customer Data”) by FinStackk on behalf of the Customer.
2. Obligations of FinStackk
2.1 FinStackk shall process Customer Data only in accordance with the documented instructions of the Customer, including with regard to transfers of Customer Data to a third country or an international organization, unless required to do so by applicable law to which FinStackk is subject.
2.2 FinStackk shall ensure that persons authorized to process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.3 FinStackk shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  1. the pseudonymization and encryption of Customer Data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  3. the ability to restore the availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
  4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

2.4 FinStackk shall assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to FinStackk.
2.5 FinStackk shall, at the choice of the Customer, delete or return all the Customer Data to the Customer after the end of the provision of services relating to processing, and delete existing copies unless applicable law requires storage of the Customer Data.
3. Obligations of the Customer
3.1 The Customer represents and warrants that it has obtained all necessary consents and authorizations from data subjects for the processing of their personal data and that such processing is lawful.
3.2 The Customer shall provide clear and documented instructions to FinStackk regarding the processing of Customer Data, and shall ensure that such instructions are compliant with applicable laws and regulations.
3.3 The Customer shall inform FinStackk of any changes in the instructions regarding the processing of Customer Data.
3.4 The Customer acknowledges that it has the primary responsibility for the lawfulness of processing of Customer Data and the protection of the rights of data subjects, and shall indemnify and hold FinStackk harmless against any claims, damages, or losses arising out of or in connection with the processing of Customer Data in accordance with the instructions of the Customer.
4.Subprocessing
4.1 FinStackk may engage third-party subprocessors for the processing of Customer Data, provided that FinStackk shall ensure that such subprocessors are bound by the same data protection obligations as set out in this DPA.
4.2FinStackk shall inform the Customer of any intended changes concerning the addition or replacement of subprocessors, thereby giving the Customer the opportunity to object to such changes.
5Liability and Indemnification
5.1 The liability of each party for damages arising out of or in connection with the processing of Customer Data shall be subject to the limitations of liability set forth in the engagement agreement between FinStackk and the Customer.
5.2 The Customer shall indemnify and hold FinStackk harmless against any claims, damages, or losses arising out of or in connection with the processing of Customer Data in accordance with the instructions of the Customer.
6.Duration and Termination
6.1 This DPA shall remain in force until the termination of the engagement agreement between FinStackk and the Customer.
6.2 Upon termination of the engagement agreement, FinStackk shall delete or return all Customer Data to the Customer, unless required to keep such data under applicable law.
7. Governing Law and Jurisdiction
This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions set forth in the engagement agreement between FinStackk and the Customer.