According to the GDPR
Article 28 specifies that:
‘Processing by a processor shall be governed by a contract or other legal act ... that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.’
This thus implies the signature of a Data Processing Agreement, or DPA, between the Data Controller (You) and the Data Processor (Us).
The DPA is a core element which defines the obligations and responsibilities of each party.
From a technical perspective, the physical and logical protection of data is done by Organisation. An Organisation is a group of sites and users on our solutions (see more). Therefore, they can only be one DPA per Organisation.
Regarding AT Internet
Data Processing Agreement
In order to comply with said Article 28, AT Internet provides its customers with a DPA.
ImportantIf several of your legal entities are grouped under a single AT Internet organisation, the processing agreement will thus apply to this whole organisation. The organisation is a grouping of sites and users within our solution. (An organisation is a group of sites. It represents the functional structure of your company). An organisation may benefit from a single DPA only.
The AT Internet DPA specifies in particular:
- The types and categories of collected data, in addition to the data subjects
- The nature, purposes and duration of processing, in addition to the conditions for its lawfulness.
- A contact point to discuss issues related to privacy, security and GDPR
- Your and our responsibilities
- The data storage location
ActionRequest your DPA by sending this e-mail, and submit it to your legal affairs department for validation..
Send the (signed) validation to firstname.lastname@example.org in order to initiate the compliance procedure; we will return the counter-signed document to you.
Interactions with other stakeholders
In the framework of a Digital Analytics project with AT Internet, you may be required to work with other stakeholders such as:
- Other measurement tools (e.g A/B test)
ActionFor all these stakeholders, potential processing must be validated if the GDPR applies (see introduction).
Proceed, where necessary and in the same manner as for AT Internet, to the implementation of a DPA.