Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") is made between you, the user, and WHATDRIVESTHEM.com ("Company", "we", "us"), in regard to the use of our online education platform and services accessible through www.whatdrivesthem.com ("Site").
Last Updated: February 15, 2023
Definitions
For the purposes of this DPA, the following terms shall have the meanings set forth below:
Data Controller, Data Processor, Data Subject, Personal Data, Processing: As defined in the General Data Protection Regulation (GDPR) and any applicable data protection laws.
GDPR: Refers collectively to the Regulation (EU) 2016/679, the GDPR as incorporated into UK law under the UK European Union (Withdrawal) Act 2018, the UK Data Protection Act 2018, and any future legislation that may amend or supplement them.
1. Technology Partners and Data Processing
We engage with third-party services to support our operations, including but not limited to Typeform for sign-ups and surveys, Squarespace for course content management, Stripe for payment processing, Zoom for live classes, Pipedrive for CRM, and Gmail for email communications. These partners have been selected based on their adherence to data protection laws and established data security practices.
2. Sub-processor Management
We will inform users of changes to our sub-processor arrangements as required by GDPR. We rely on the compliance and data protection assurances of our technology partners and will notify users of significant changes.
3. Breach Notification Process
In the event of a data breach at any of our technology partners, we will inform affected parties as soon as reasonably possible, following clarity on the incident's impact, in line with GDPR requirements.
4. Handling Data Subject Requests
We commit to responding to data subject access requests within 10 working days, following satisfactory verification of the requester's identity, in accordance with GDPR Article 15.
5. International Data Transfers
We operate with established international brands, ensuring compliance with GDPR and relevant laws for international data transfers. We rely on their mechanisms for the protection of personal data across borders.
6. Audit and Compliance
We conduct internal audits biennially and request annual compliance updates from our suppliers. This ensures adherence to data protection standards and maintains high levels of data security within our operations.
Security Measures
We implement technical and organisational measures to protect personal data, including encryption, access controls, and regular security assessments, ensuring the confidentiality, integrity, and availability of data processed.
Data Subjects’ Rights
We support the rights of data subjects under GDPR by facilitating requests for access, rectification, and deletion of personal data in a timely and efficient manner.
Amendments and Updates
This DPA may be amended to reflect changes in legal requirements, technology, or our operational practices. Amendments will be communicated to users and reflect our commitment to data protection compliance.
Governing Law and Jurisdiction
This DPA is governed by the laws of Spain, with jurisdiction granted to the competent courts of Spain for any disputes, unless otherwise required by applicable laws.
Conclusion
This DPA outlines our commitment to protecting personal data and ensuring compliance with GDPR and applicable data protection laws. By using our services, you agree to the terms outlined in this agreement.
For enquiries please contact gary @ whatdrivesthem .com