Legal Documents

Need Help?

Have questions about our policies? Contact our legal team.

Contact Us

Data Processing Agreement

Last updated: January 2025

Overview

This Data Processing Agreement (DPA) governs the processing of personal data by Jooab on behalf of our customers in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other privacy regulations.

Definitions

  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: The entity that processes personal data on behalf of the controller
  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data, including collection, use, storage, and deletion

Scope and Applicability

This DPA applies when Jooab processes personal data on behalf of customers who act as data controllers. It supplements our main service agreement and privacy policy, establishing the legal framework for compliant data processing.

Processing Obligations

Jooab's Obligations as Data Processor

  • Process personal data only on documented instructions from the controller
  • Ensure personnel processing data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Only engage sub-processors with prior written authorization
  • Assist with data subject rights requests and compliance obligations
  • Notify controller of personal data breaches without undue delay

Controller's Obligations

  • Ensure processing has a lawful basis under applicable law
  • Provide clear and documented processing instructions
  • Warrant they have authority to engage Jooab as processor

Security Measures

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest using industry-standard methods
  • Strict access controls and authentication mechanisms
  • Continuous monitoring and logging of data access and processing activities
  • Regular backups and disaster recovery procedures

International Data Transfers

When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place through adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under applicable law.

Sub-processors

We may engage trusted sub-processors to assist with service delivery. All sub-processors are bound by data protection obligations equivalent to those in this DPA and are regularly audited for compliance.

Data Subject Rights

We assist controllers in responding to data subject requests for:

  • Access to personal data and processing information
  • Correction of inaccurate or incomplete data
  • Deletion of personal data ("right to be forgotten")
  • Restriction of processing activities
  • Data portability in structured, machine-readable formats
  • Objection to processing based on legitimate interests

Data Breach Notification

We maintain incident response procedures to detect, investigate, and report data breaches. Controllers will be notified within 72 hours of breach discovery, including details of the incident and remediation steps taken.

Audits and Compliance

We undergo regular third-party security audits and maintain compliance certifications. Controllers may request audit reports and, upon reasonable notice, conduct audits to verify DPA compliance.

Data Retention and Deletion

Personal data is retained only as long as necessary for service provision or as required by law. Upon termination or deletion requests, data is securely deleted according to our data retention schedule.

Termination

Upon termination of services, we will delete or return personal data as directed by the controller, unless legal requirements mandate retention. Deletion is performed using secure methods to prevent data recovery.

Liability and Indemnification

Each party's liability is limited as set forth in the main service agreement. Controllers indemnify Jooab for claims arising from controller's processing instructions or violations of data protection law.

Governing Law

This DPA is governed by the same law as the main service agreement. Disputes will be resolved through the dispute resolution mechanisms specified in the main agreement.

Data Protection Contact

For all data protection inquiries, requests, or concerns related to this DPA, please contact our Data Protection Officer:

Data Protection Officer:

Email: dpo@jooab.com

Address: [To be specified based on company location]

Phone: [To be specified based on company requirements]

Copyright © 2025 Accentrust Inc.