Data Processing Agreement (DPA)

This Data Processing Agreement ("Agreement") forms part of the contract between:
- My Centre Office Ltd ("Processor"),
- and the customer organisation ("Controller") using the My Centre Office service.

1. DEFINITIONS

- Controller: The entity that determines the purposes and means of processing personal data.
- Processor: The entity that processes personal data on behalf of the Controller.
- Personal Data: Any information relating to an identified or identifiable individual.
- Processing: Any operation performed on personal data (collecting, storing, using, etc.).

2. SUBJECT MATTER AND DURATION

The Processor will process Personal Data as necessary to provide the My Centre Office service. This Agreement remains in effect as long as the Processor processes Personal Data for the Controller.

3. SCOPE AND PURPOSE OF PROCESSING

The Processor will process Personal Data only to the extent required to provide the contracted services and as instructed by the Controller.

4. PROCESSOR OBLIGATIONS

The Processor agrees to:
- Process Personal Data only on documented instructions from the Controller.
- Implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
- Ensure that all personnel authorised to process Personal Data are bound by confidentiality.
- Assist the Controller in complying with data subject rights, data breach notifications, and data protection impact assessments.
- Notify the Controller without undue delay if a personal data breach occurs.
- Delete or return Personal Data upon termination of the contract, unless otherwise required by law.

5. CONTROLLER OBLIGATIONS

The Controller agrees to:
- Provide clear instructions for processing Personal Data.
- Ensure a lawful basis for processing and inform data subjects as required.
- Cooperate with the Processor to comply with applicable data protection laws.

6. SUB-PROCESSORS

The Processor may engage sub-processors only with the Controller’s prior consent. The Processor will ensure sub-processors comply with equivalent data protection obligations.

7. INTERNATIONAL DATA TRANSFERS

If Personal Data is transferred outside the UK or EEA, the Processor will ensure adequate safeguards are in place.

8. LIABILITY

Each party remains responsible for its compliance with data protection laws. The Processor is liable for breaches caused by its failure to comply with this Agreement.

9. GOVERNING LAW

This Agreement is governed by the laws of the United Kingdom.