Jump to Section
What is a Data Protection Agreement?
A data protection agreement is a legal document between an organization and a customer that establishes the terms of how personal data will be used. This agreement includes who has access to the information, what can happen with it, and if it needs to be removed from their system at any point in time.
In order for a data protection agreement to be legally binding, all parties involved must agree on its terms before signing off.
In today's world, where our lives are increasingly being lived online - from banking information to social media posts - many people have signed up for services governed by data protection agreements without fully understanding what they're agreeing to in regards to their personal data.
Common Sections in Data Protection Agreements
Below is a list of common sections included in Data Protection Agreements. These sections are linked to the below sample agreement for you to explore.
Data Protection Agreement Sample
1. | General Definitions. All capitalized terms not otherwise defined herein shall have the meanings set forth in the Agreement. |
2. | Scope of Addendum. As of the Addendum Effective Date and for any period of time thereafter during which Service Provider is a data importer and has possession of or access to FireEye Personal Data in connection with the Services until expiration or termination of the Agreement, Service Provider shall have implemented at its Facilities, and shall thereafter maintain policies, procedures and practices that satisfy the applicable requirements set forth in this Data Processing Addendum. Additionally, at all times during the duration of the Agreement and for any period of time thereafter during which Service Provider is a data importer and has possession of or access to FireEye Personal Data in connection with the Services, Service Provider shall maintain compliance with all applicable Data Protection Laws, including, when it comes into force, Regulation 2016/EC/679 (“General Data Protection Regulation” or “GDPR"). Notwithstanding the foregoing, if Service Provider cannot provide such compliance for whatever reasons, it agrees to promptly inform FireEye of its inability to comply, in which case the FireEye is entitled to suspend the transfer of Personal Data and/or terminate the related Design Services or Work as provided in Section 11.2 of the Agreement. |
3. | Data Processing/Privacy Definitions. For purposes of this Data Processing Addendum, "Personal Data", "Process(ing)" and “Data Subject(s)” will have the meaning given to these terms in accordance with the applicable country-specific Data Protection Laws, including but not limited to, the EU General Data Protection Directive (GDPR). During the term of the Agreement: |
4. | Processing. In performing its obligations in the Agreement, if Service Provider at any time from the Addendum Effective Date and until termination of the Services or the Agreement undertakes Processing of Personal Data for or on behalf of FireEye, Service Provider will process all Personal Data fairly and lawfully, respecting the Data Subject's privacy, and in accordance with all Data Protection Laws applicable to such Processing of Personal Data. Service Provider will take reasonable measures to require that all of its Personnel and each of its Sub-processors process all Personal Data in a similar manner as further described in Section 5 below. Service Provider will only Process FireEye Personal Data for the purposes of and in compliance with the terms set out in the Agreement or this Data Processing Addendum and in compliance with mutually agreed FireEye's instructions as issued from time to time. Service Provider will not (i) obtain any rights to any Personal Data by virtue of complying with its obligations in the Agreement and/or this Addendum; (ii) except with respect to approved Sub-processors or pursuant to applicable law, transfer or disclose any Personal Data (in part or in whole) to any third party, except as stipulated in this Data Processing Addendum, (iii) except as technically necessary to perform its obligations under the Agreement, transfer, access or store any Personal Data outside of the country in which the applicable Service Provider Facility is established ( the “Country Of Origination”), including via cloud services, without the explicit prior consent of FireEye, or (iv) Process or use any Personal Data for its own purposes or benefit. Service Provider will keep all Personal Data confidential and secure. |
5. | Third Parties & Sub-processors. Service Provider may subcontract its processing work that relates to Personal Data under the Agreement only with prior written consent of FireEye. Additionally, Service |
6. | International Transfers. All transfers of FireEye Personal Data outside of the Country Of origination by Service Provider (if any) will be in strict compliance with the relevant provisions of the Data Protection Laws in the originating country. Where the Personal Data originates in the EU, transfers can only occur either to a country with adequate Data Protection Laws or pursuant to Privacy Shield, the EU Standard Contractual Clauses, or Binding Corporate Rules. All transfers of Personal Data by Service Provider not technically necessary to perform its obligations under the Agreement will be done with the prior written consent of FireEye and will be made in strict accordance with applicable Data Protection Laws or contractual obligations on such transfers provided such contractual obligations do not violate applicable Data Protection Laws. All transfers of Personal Data outside of Canada, or countries within Asia Pacific and Latin America will be done so in accordance with applicable Data Protection Laws. |
7. | Cooperation & Enquiries. Service Provider will inform FireEye without undue delay if Service Provider receives any enquiry, complaint or claim from any court, governmental official, third parties or individuals (including but not limited to the Data Subjects) arising out of the Services and will provide FireEye reasonable support and cooperation in a timely manner in responding to any such request. Should FireEye, on the basis of applicable law, be obliged to provide access or information to a Data Subject about the Processing of Personal Data relating to him or her, Service Provider will, without levying a fee, reasonably assist FireEye in providing such access or information. |
8. | Confidentiality & Information Security. In addition to any other agreement and/or terms governing confidentiality between the parties, Service Provider will adopt adequate (taking into account the nature of Processing and the information available to Service Provider) technical and organizational measures reasonably necessary to secure the Personal Data and to prevent unauthorized access, alteration or loss of the same, including measures required by applicable Data Protection Laws. Service Provider will also ensure confidentiality of the Personal Data, including taking appropriate measures to ensure the same of its Personnel and Sub-processors. At the reasonable written request of FireEye, Service Provider will provide the former with a comprehensive and up-to-date data protection and security concept for the FireEye Personal Data obtained under the Agreement while performing the Services under the Agreement. |
9. | Privacy Violations, Security and Data Breach Incidents. When known or reasonably suspected by Service Provider while performing the Services under the Agreement, Service Provider will inform FireEye promptly if: (i) Service Provider or its Personnel infringe the applicable Data Protection Laws or obligations under the Agreement, (ii) significant failures during the Processing occur, or (iii) third parties have unauthorized or unintended access to the Personal Data. The parties are aware that the applicable Data Protection Law may impose a duty to inform the competent authorities or affected Data Subjects in the event of the loss or unlawful disclosure of Personal Data or access to it. These incidents should therefore be notified by Service Provider to FireEye without delay, regardless of their origin. This also applies to serious operational faults or where there is any suspicion of an infringement of provisions relating to the |
10. | Inspection & Audit Rights. Upon at least 30 days prior written notice as described in Section 12.11 of the Agreement and subject to the obligations herein, FireEye may inspect Service Provider's operating Facilities or conduct an audit (each an “Audit”), Service Provider’s security, manufacturing processes, quality processes and environmental systems controls used for processing FireEye Personal Data to ascertain compliance with this Data Processing Addendum at FireEye’s expense (although FireEye shall in no way be responsible for any expenses or costs incurred by Service Provider’s commercially reasonable support in assisting FireEye with the Audit or allowing FireEye to inspect their Facilities, and in the event a violation of Service Provider’s obligations under this Addendum is found that has the potential to compromise FireEye Personal Data, Service Provider shall be responsible for all reasonable costs and expenses incurred by FireEye in conducting the Audit). To the extent applicable to Service Provider’s obligations under this Addendum, this Audit may include, but is not limited to, the verification of whether the procedures for the technical and organizational requirements of data protection and information security are appropriate in accordance with FireEye’s Third Party Information Security Requirements Addendum (or similar obligations negotiated by the parties either in an agreement and/or separate amendment/addendum). Service Provider will provide FireEye with any reasonably necessary information and documents during the Audit. The Audit may be carried out once a year by FireEye’s data protection officer or a mutually accepted authorized representative unless a violation of Service Provider’s obligations under this Data Processing Addendum is found, and in such an event, FireEye may conduct another Audit within six months or if FireEye reasonably believes that Service Provider is not complying with the obligations contained in this Addendum. All Audits will be performed during normal working hours; subject to Service Provider’s reasonable security, safety, and confidentiality requirements; and in such a way that the Audit does not disrupt or compromise Service Provider’s infrastructure or ability to process normal business operations. In addition, Service Provider will reasonably allow and assist in the Audit of its obligations (at its own expense) under this Addendum. In addition, Service Provider will cooperate with any audit ordered by a relevant Data Protection Authority that arises from its performance under the Agreement. |
i. | Not directly related to FireEye Data Processed by Service Provider; |
ii. | Not directly related to the Design Services or Work provided to FireEye under the Agreement; |
iii. | In violation of applicable laws; and/or |
iv. | In violation of Service Provider’s confidentiality obligations owed to a third party |
11. | Indemnity. Subject to the remaining provisions of this Section 11, the parties hereby agree that Service Provider shall have the obligation of defense and indemnification for any Claim incurred by or assessed |
12. | Return of Personal Data. Following termination of the Agreement, Service Provider, except to the extent prohibited by applicable law, at the sole discretion and written request of FireEye, will return to FireEye or destroy and delete all FireEye Personal Data subject to Processing. Service Provider must certify in writing to FireEye that it has complied with the foregoing obligations. |
13. | Counterparts. This Addendum may be executed in counterparts, each of which when executed and delivered shall constitute an original of the Addendum, but all the counterparts shall together constitute the same document. No counterpart shall be effective until each party has executed at least one counterpart. Facsimile or electronic signatures shall be binding to the same extent as original signatures. |
14. | Integration. Except as otherwise set forth in this Addendum, all terms and conditions contained in the Agreement and not amended herein shall remain in full force and effect. In the event of a conflict between the Agreement and this Addendum or any other confidentiality term in an agreement between the parties, the order of precedence in respect of the Processing of FireEye Personal Data shall be: this Addendum and then the Agreement. |
Name of Sub-processor | Country Location of Sub-processor |
none | |
Reference:
Security Exchange Commission - Edgar Database, EX-10.2 2 flextronics-fireeyedatapro.htm EXHIBIT 10.2, Viewed September 20, 2021, View Source on SEC.
Who Helps With Data Protection Agreements?
Lawyers with backgrounds working on data protection agreements work with clients to help. Do you need help with a data protection agreement?
Post a project in ContractsCounsel's marketplace to get free bids from lawyers to draft, review, or negotiate data protection agreements. All lawyers are vetted by our team and peer reviewed by our customers for you to explore before hiring.
Meet some of our Data Protection Agreement Lawyers
Richard M.
Richard A. Mathurin is as a member of the professional team at Sage Law. Since graduating cum Laude from The University of Notre Dame and UCLA School of Law, Rich has enjoyed an exciting and diversified career in the practice of law. In his early career, he assisted several energy companies all over the world in the development and funding of major wind energy and other green technology projects. Following an assignment by his firm to their Far East offices in Tokyo and Singapore, Rich represented global corporations such as Hitachi, UPS, and Fuji-Xerox in major commercial transactions. More recently, Rich returned to his native San Diego to care for an ill family member and work in the local community. Rich specializes in tax resolution, bankruptcy and small business services helping clients get in compliance with complex tax laws and manage their personal and business finances. When he is not working servicing his valued clients, Rich is an ardent golfer and enjoys rooting for his favorite Boston sports teams.
January 21, 2024
Ernestas P.
I am a broadly skilled legal professional. I am highly drawn to technology, fintech, intellectual property, privacy law, contracts. I am also experienced in business litigation and business transactions. I have been told to have the following skills perfect time management, critical thinking, problem solving, attention to detail, communication and decision making. As a former flight attendant, I am well versed and acquired many of those skills in a fast faced multicultural/multilingual setting. I am able to work solo or as a team member and quickly adapt to changes. Finally, I am fluent in English, Lithuanian, Russian.
January 26, 2024
Scott B.
Scott Bowen, Esq brings legal experience in family law, special education law, and healthcare law matters. Scott also has over 20 years of expertise in healthcare compliance, medical coding, and healthcare consulting to the firm.
January 29, 2024
Damian T.
Damian is a founding partner of Holon Law Partners. He began his career as an officer in the Marine Corps, managing legal affairs for his command in Okinawa, Japan. In this role, he conducted investigations, assembled juries for courts martial, and advised his commander on criminal justice matters. Damian was twice selected to serve as his unit’s liaison to the Japanese government and self-defense forces. Damian later worked as a transactional attorney in New York, where he handled commercial real estate, finance, and restructuring matters. He has also participated in insider trading investigations at the SEC, worked on compliance at a private equity firm, and managed legal operations and special projects at a vertically integrated cannabis company in New Mexico. Damian draws on these diverse experiences to provide his clients with creative solutions to thorny legal issues – from negotiating commercial leases to managing complex securities offerings. In addition to practicing law, Damian volunteers as a research assistant at the University of New Mexico Medical School’s McCormick Lab – studying the microbiology of longevity and aging. When not working, he enjoys spending time with his two pit bulls and pursuing his passions for foreign languages, art, philosophy, and fitness. Damian resides in Albuquerque, New Mexico.
January 28, 2024
Jonathan F.
Trial and transactional attorney with over 30 years experience with complex business transactions and disputes.
January 28, 2024
Aaron S.
My passion is protecting the passions of others. I have 5+ years of contract review, and all aspects of entertainment law including negotiation, mediation, intellectual property, copyright, and music licensing. I also have experience working with nonprofits, and small businesses helping with formation, dissolution, partnerships, etc. I am licensed in both Texas and California.
February 7, 2024
Nuo Jia (Lois) L.
Attorney Lois Li is a bilingual business and commercial attorney licensed in Michigan, U.S. since 2014, in Ontario, Canada since 2015, and in New York, U.S. since 2020. As an attorney licensed in two countries, Lois leads Alpine Law’s US/China/Canada practice. She is experienced in legal and contractual transactions in both English and Chinese. Lois has over six years of experience in assisting clients with business operations and legal services, and is specialized in advising companies with legal needs in International Business, Securities law, Cryptocurrency – Block chain, and Fin-Tech. Having served as both an outside and an in-house counsel, Lois worked with many startup and small businesses. With a strong understanding of core business and the ability to translate business needs into legal requirements, Lois has assisted many companies to establish policies and procedures, and drafted and negotiated employment and transaction contracts. Further licensed as a Registered Nurse since 2010, Lois specializes in healthcare law and is experienced in FDA, HIPAA, Medicare and Medicaid regulations. She has assisted many businesses in the medical and healthcare industry.
Find the best lawyer for your project
Browse Lawyers NowHow It Works
Privacy lawyers by top cities
- Austin Privacy Lawyers
- Boston Privacy Lawyers
- Chicago Privacy Lawyers
- Dallas Privacy Lawyers
- Denver Privacy Lawyers
- Houston Privacy Lawyers
- Los Angeles Privacy Lawyers
- New York Privacy Lawyers
- Phoenix Privacy Lawyers
- San Diego Privacy Lawyers
- Tampa Privacy Lawyers
Data Protection Agreement lawyers by city
- Austin Data Protection Agreement Lawyers
- Boston Data Protection Agreement Lawyers
- Chicago Data Protection Agreement Lawyers
- Dallas Data Protection Agreement Lawyers
- Denver Data Protection Agreement Lawyers
- Houston Data Protection Agreement Lawyers
- Los Angeles Data Protection Agreement Lawyers
- New York Data Protection Agreement Lawyers
- Phoenix Data Protection Agreement Lawyers
- San Diego Data Protection Agreement Lawyers
- Tampa Data Protection Agreement Lawyers
related contracts
- Acceptable Use Policy
- App Development Agreement
- Basic Privacy Policy
- Beta Test Agreement
- Click Wrap Agreement
- Cloud Services Agreement
- Company Privacy Policy
- Cookies Policy
- Data Processing Agreement
- Data Sharing Contract
other helpful articles
- How much does it cost to draft a contract?
- Do Contract Lawyers Use Templates?
- How do Contract Lawyers charge?
- Business Contract Lawyers: How Can They Help?
- What to look for when hiring a lawyer
Quick, user friendly and one of the better ways I've come across to get ahold of lawyers willing to take new clients.
View Trustpilot ReviewContracts Counsel was incredibly helpful and easy to use. I submitted a project for a lawyer's help within a day I had received over 6 proposals from qualified lawyers. I submitted a bid that works best for my business and we went forward with the project.
View Trustpilot ReviewI never knew how difficult it was to obtain representation or a lawyer, and ContractsCounsel was EXACTLY the type of service I was hoping for when I was in a pinch. Working with their service was efficient, effective and made me feel in control. Thank you so much and should I ever need attorney services down the road, I'll certainly be a repeat customer.
View Trustpilot ReviewI got 5 bids within 24h of posting my project. I choose the person who provided the most detailed and relevant intro letter, highlighting their experience relevant to my project. I am very satisfied with the outcome and quality of the two agreements that were produced, they actually far exceed my expectations.
View Trustpilot Review