Data Processing Agreement (DPA)
This DPA forms part of the agreement between SentryLink Global and the Client for services involving processing of personal data on behalf of the Client.
Contents
- Roles
- Processing
- Subprocessors
- Security Measures
- Assistance
- Data Subject Requests
- Deletion and Return
- Audits
Roles
The Client is the controller of personal data. SentryLink Global is the processor acting under documented instructions from the Client.
Processing
Processing is limited to monitoring, alerting, audits, and incident support. We will not process data for unrelated purposes and will notify the Client of conflicting instructions.
Subprocessors
We may engage vetted subprocessors for hosting, communications, or scheduling. We remain responsible and ensure equivalent data protection obligations via contracts.
Security Measures
We implement technical and organizational measures appropriate to risk, including access control, encryption in transit, logging, and incident response protocols.
Assistance
We assist the Client with data subject requests, impact assessments, and breach notifications as required by law and contract.
Data Subject Requests
We will promptly forward requests received directly to the Client unless otherwise authorized and will not respond without documented instructions.
Deletion and Return
Upon termination, we will delete or return personal data as instructed, subject to legal retention requirements. Temporary artifacts will be securely disposed.
Audits
We provide information necessary to demonstrate compliance and allow audits by the Client or a designated auditor, subject to confidentiality and reasonable scheduling.