Personal Data Processing Agreement: Definition, Terms, Example
Jump to Section
Quick Facts — Personal Data Processing Agreement Lawyers
- Avg cost to draft a Data Processing Agreement: $900.00
- Avg cost to review a Data Processing Agreement: $520.00
- Lawyers available: 41 technology lawyers
- Clients helped: 24 recent personal data processing agreement projects
- Avg lawyer rating: 5.0 (2 reviews)
What is a Personal Data Processing Agreement?
A personal data processing agreement is a contract between a data controller and processor the deals with how personal data is handled. The contract states who each party is and what their roles and responsibilities are under the agreement. The main purpose of the personal data processing agreement is to set rules and regulations that create a definitive pathway for data controllers and processors to adequately protect their clients' personal data. This ensures they have protocols in place to achieve this goal.
By drawing and signing a personal data processing agreement, data controllers and processors denote that they understand their obligations to protect customers' personal data and provides legal solutions to problems should they arise.
Common Sections in Personal Data Processing Agreements
Below is a list of common sections included in Personal Data Processing Agreements. These sections are linked to the below sample agreement for you to explore.
Personal Data Processing Agreement Sample
Exhibit 10.20
DATA PROCESSING AGREEMENT
THIS AGREEMENT is made in September 22 nd, 2020
BETWEEN:
| (1) | MyFiziq Limited (ABN 85 602 111 115) of Unit 5, 71-73 South Perth Esplanade, South Perth Western Australia 6151 (“Data Controller” or “MyFiziq”)) and |
| (2) | NuraLogix Corporation (GST Number: 800817272 RT0001) of 1801-250 Yonge St, Toronto, Ontario M5B 2L7, Canada (“Data Processor” or “NuraLogix”). |
BACKGROUND:
| (1) | Under an agreement between the Data Controller and the Data Processor (“the Service Agreement”) the Data Processor provides to the Data Controller the Services described in Schedule 1. |
| (2) | The provision of the Services by the Data Processor involves it in processing the Personal Data described in Schedule 2 on behalf of the Data Controller. |
| (3) | The Personal Data may include information about individuals falling within scope of EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”), the California Consumer Privacy Act, California Civil Code sections 1798.100 et seq (“the CCPA”), or equivalent data protection laws globally (collectively “the Data Protection Legislation”). |
| (4) | The Data Protection Legislation requires that the Data Controller is required to put in place an agreement in writing between the Data Controller and any organisation which processes Personal Data on its behalf governing the processing of that data. |
| (5) | The Parties have agreed to enter into this Agreement to ensure compliance with the said provisions of the Data Protection Legislation in relation to all processing of the Personal Data by the Data Processor for the Data Controller. |
| (6) | The terms of this Agreement are to apply to all processing of Personal Data carried out for the Data Controller by the Data Processor and to all Personal Data held by the Data Processor in relation to all such processing. |
IT IS AGREED as follows:
| 1. | Definitions and Interpretation |
| 1.1 | In this Agreement, unless the context otherwise requires, the following expressions have the following meanings: |
| “controller”, “processor”, “processing”, and “data subject” | shall have the meanings given to the terms “controller”, “processor”, “processing”, and “data subject” respectively in Article 4 of the GDPR; |
Page 1 of 12
| “Personal Data” | means all such “personal data”, as defined in Article 4 of the GDPR, as is, or is to be, processed by the Data Processor on behalf of the Data Controller, as described in Schedule 2; | |
| “Services” | means those services described in Schedule 1 which are provided by the Data Processor to the Data Controller and which the Data Controller uses for the purposes described in Schedule 1; | |
| “Sub-Processor” | means a sub-processor appointed by the Data Processor to process the Personal Data; and | |
| “Sub-Processing Agreement” | means an agreement between the Data Processor and a Sub-Processor governing the Personal Data processing carried out by the Sub-Processor, as described in Clause 7. |
| 1.2 | Unless the context otherwise requires, each reference in this Agreement to: |
| 1.2.1 | “writing”, and any cognate expression, includes a reference to any communication effected by electronic or facsimile transmission or similar means; |
| 1.2.2 | a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time; |
| 1.2.3 | “this Agreement” is a reference to this Agreement and each of the Schedules as amended or supplemented at the relevant time; |
| 1.2.4 | a Schedule is a schedule to this Agreement; and |
| 1.2.5 | a Clause or paragraph is a reference to a Clause of this Agreement (other than the Schedules) or a paragraph of the relevant Schedule. |
| 1.2.6 | a “Party” or the “Parties” refer to the parties to this Agreement. |
| 1.3 | The headings used in this Agreement are for convenience only and shall have no effect upon the interpretation of this Agreement. |
| 1.4 | Words imparting the singular number shall include the plural and vice versa. |
| 1.5 | References to any gender shall include all other genders. |
| 1.6 | References to persons shall include corporations. |
| 2. | Scope and Application of this Agreement |
| 2.1 | The provisions of this Agreement shall apply to the processing of the Personal Data described in Schedule 2, carried out for the Data Controller by the Data Processor, and to all Personal Data held or accessed by the Data Processor in relation to all such processing whether such Personal Data is held at the date of this Agreement or received afterwards. |
| 2.2 | The provisions of this Agreement supersede any other arrangement, understanding, or agreement including, but not limited to, the Service Agreement made between the Parties at any time relating to the Personal Data. |
| 2.3 | This Agreement shall continue in full force and effect for so long as the Data Processor is processing Personal Data on behalf of the Data Controller, and thereafter as provided in Clause 11. |
Page 2 of 12
| 3. | Provision of the Services and Processing Personal Data |
| 3.1 | The Data Processor is only to carry out the Services, and only to process the Personal Data received from the Data Controller: |
| 3.1.1 | for the purposes of those Services and not for any other purpose; |
| 3.1.2 | to the extent and in such a manner as is necessary for those purposes; and |
| 3.1.3 | strictly in accordance with the express written authorisation and instructions of the Data Controller (which may be specific instructions or instructions of a general nature or as otherwise notified by the Data Controller to the Data Processor). |
| 4. | Data Protection Compliance |
| 4.1 | All instructions given by the Data Controller to the Data Processor shall be made in writing and shall at all times be in compliance with the Data Protection Legislation. The Data Processor shall act only on such written instructions from the Data Controller unless the Data Processor is required by law to do otherwise. |
| 4.2 | The Data Processor shall promptly comply with any request from the Data Controller requiring the Data Processor to amend, transfer, delete, or otherwise dispose of the Personal Data. |
| 4.3 | The Data Processor shall transfer all Personal Data to the Data Controller on the Data Controller’s request in the formats, at the times, and in compliance with the Data Controller’s written instructions. |
| 4.4 | Both Parties shall comply at all times with the Data Protection Legislation and other applicable laws and shall not perform their obligations under this Agreement or any other agreement or arrangement between themselves in such way as to cause either Party to breach any of its applicable obligations under the Data Protection Legislation. |
| 4.5 | The Data Processor agrees to comply with any reasonable measures required by the Data Controller to ensure that its obligations under this Agreement are satisfactorily performed in accordance with any and all applicable legislation from time to time in force. |
| 4.6 | The Data Processor shall provide all reasonable assistance to the Data Controller in complying with its obligations under the Data Protection Legislation with respect to the security of processing, the notification of personal data breaches, the conduct of data protection impact assessments and equivalent risk assessments, and in dealings with any applicable data protection regulators. |
| 4.7 | When processing the Personal Data on behalf of the Data Controller, the Data Processor shall: |
| 4.7.1 | not process the Personal Data outside of Canada or the European Economic Area (all EU member states, plus Iceland, Liechtenstein, and Norway) (“EEA”) without the prior written consent of the Data Controller and, where the Data Controller consents to such a transfer to a country that is outside of Canada or EEA, to comply with the obligations of Data Processors under the provisions applicable to transfers of Personal Data to third countries set out in Chapter 5 of the GDPR by providing an adequate level of protection to any Personal Data that is transferred; |
Page 3 of 12
| 4.7.2 | not transfer any of the Personal Data to any third party without the written consent of the Data Controller and, in the event of such consent, the Personal Data shall be transferred strictly subject to the terms of a suitable agreement, as set out in Clause 7; |
| 4.7.3 | process the Personal Data only to the extent, and in such manner, as is necessary in order to comply with its obligations to the Data Controller or as may be required by law (in which case, the Data Processor shall inform the Data Controller of the legal requirement in question before processing the Personal Data for that purpose unless prohibited from doing so by law); |
| 4.7.4 | if so requested by the Data Controller (and within the timescales required by the Data Controller) supply further details of the technical and organisational systems in place to safeguard the security of the Personal Data held and to prevent unauthorised access; |
| 4.7.5 | keep detailed records of all processing activities carried out on the Personal Data; |
| 4.7.6 | make available to the Data Controller any and all such information as is reasonably required and necessary to demonstrate the Data Processor’s compliance with the Data Protection Legislation; |
| 4.7.7 | on reasonable prior notice, submit to audits and inspections and provide the Data Controller with any information reasonably required in order to assess and verify compliance with the provisions of this Agreement and both Parties’ compliance with the requirements of the Data Protection Legislation. The requirement to give notice will not apply if the Data Controller believes that the Data Processor is in breach of any of its obligations under this Agreement or under the law; and |
| 4.7.8 | inform the Data Controller immediately if it is asked to do anything that infringes the Data Protection Legislation. |
| 5. | Data Subject Access, Complaints, and Breaches |
| 5.1 | The Data Processor shall assist the Data Controller in complying with its obligations under the Data Protection Legislation. In particular, the following shall apply to data subject access requests, complaints, and data breaches. |
| 5.2 | The Data Processor shall notify the Data Controller without undue delay if it receives: |
| 5.2.1 | a subject access request from a data subject; or |
| 5.2.2 | any other complaint or request relating to the processing of the Personal Data. |
| 5.3 | The Data Processor shall cooperate fully with the Data Controller and assist as required in relation to any subject access request, complaint, or other request, including by: |
| 5.3.1 | providing the Data Controller with full details of the complaint or request; |
| 5.3.2 | providing the necessary information and assistance in order to comply with a subject access request; |
| 5.3.3 | providing the Data Controller with any Personal Data it holds in relation to a data subject (within the timescales required by the Data Controller); and |
| 5.3.4 | providing the Data Controller with any other information requested by the Data Controller. |
Page 4 of 12
| 5.4 | The Data Processor shall notify the Data Controller immediately if it becomes aware of any form of Personal Data breach, including any unauthorised or unlawful processing, loss of, damage to, or destruction of any of the Personal Data. |
| 6. | Security |
The Data Processor shall implement suitable technical and organisational security measures in order to protect the Personal Data against unauthorised or unlawful access, processing, disclosure, copying, alteration, storage, reproduction, display, or distribution; and against loss, destruction, or damage, whether accidental or otherwise. Such measures shall include, but not be limited to, those set out in Schedule 3. Such measures shall be fully documented in writing by the Data Processor and be reviewed at least annually to ensure that they remain up-to- date, complete, and appropriate. The Data Processor shall inform the Data Controller in advance of any changes to such measures.
| 7. | Appointment of Sub-Processors |
| 7.1 | The Data Processor shall not sub-contract any of its obligations or rights under this Agreement without the prior written authorisation of the Data Controller (such authorisation not to be unreasonably withheld). |
| 7.2 | The Controller authorises the Data Processor’s appointment of the Sub-Processors listed at Schedule 4. |
| 7.3 | Where the Data Processor appoints a Sub-Processor (with the written consent of the Data Controller), the Data Processor shall: |
| 7.3.1 | enter into a Sub-Processing Agreement with the Sub-Processor which shall impose upon the Sub-Processor the same obligations as are imposed upon the Data Processor by this Agreement and which shall permit both the Data Processor and the Data Controller to enforce those obligations; and |
| 7.3.2 | ensure that the Sub-Processor complies fully with its obligations under the Sub-Processing Agreement and the GDPR. |
| 7.4 | In the event that a Sub-Processor fails to meet its obligations under any Sub-Processing Agreement, the Data Processor shall remain fully liable to the Data Controller for failing to meet its obligations under this Agreement. |
| 8. | Deletion and/or Disposal of Personal Data |
| 8.1 | The Data Processor shall, at the written request of the Data Controller, delete (or otherwise dispose of) the Personal Data or return it to the Data Controller in the format(s) reasonably requested by the Data Controller within a reasonable time after the earlier of the following: |
| 8.1.1 | the end of the provision of the Services; or |
| 8.1.2 | the processing of that Personal Data by the Data Processor is no longer required for the performance of the Data Processor’s obligations under this Agreement or the Service Agreement. |
| 8.2 | Following the deletion, disposal, or return of the Personal Data under Clause 8.1, the Data Processor shall delete (or otherwise dispose of) all further copies of the Personal Data that it holds, unless retention of such copies is required by law, in which case the Data Processor shall inform the Data Controller of such requirement(s) in writing. |
Page 5 of 12
| 9. | Liability and Indemnity |
The Data Processor shall indemnify, keep indemnified and defend the Data Controller, at the Data Processor’s own expense, against all claims, liabilities, costs, expenses, damages and losses (including all interest, penalties and legal costs (calculated on a full indemnity basis) and all other professional costs and expenses) suffered or incurred by the Data Controller arising out of the failure by the Data Processor or its employees or agents to comply with of its obligations under this Agreement (“Claims”). Each party acknowledges that Claims include any claim or action brought by a data subject arising from the Supplier’s breach of its obligations under this Agreement.
| 10. | Intellectual Property Rights |
All copyright, database rights, and other intellectual property rights subsisting in the Personal Data (including but not limited to any updates, amendments, or adaptations to the Personal Data made by either the Data Controller or the Data Processor) shall belong to the Data Controller or to any other applicable third party from whom the Data Controller has obtained the Personal Data under licence (including, but not limited to, data subjects, where applicable). The Data Processor is licensed to use such Personal Data under such rights only for the purposes of the Services, and in accordance with this Agreement.
| 11. | Confidentiality |
| 11.1 | The Data Processor shall maintain the Personal Data in confidence, and in particular, unless the Data Controller has given written consent for the Data Processor to do so, the Data Processor shall not disclose any Personal Data supplied to the Data Processor by, for, or on behalf of, the Data Controller to any third party. The Data Processor shall not process or make any use of any Personal Data supplied to it by the Data Controller otherwise than in connection with the provision of the Services to the Data Controller. |
| 11.2 | The Data Processor shall ensure that all personnel who are to access and/or process any of the Personal Data are contractually obliged to keep the Personal Data confidential. |
| 11.3 | The obligations set out in in this Clause 11 shall continue for a period of six years after the cessation of the provision of Services by the Data Processor to the Data Controller. |
| 11.4 | Nothing in this Agreement shall prevent either Party from complying with any requirement to disclose Personal Data where such disclosure is required by law. In such cases, the Party required to disclose shall notify the other Party of the disclosure requirements prior to disclosure, unless such notification is prohibited by law. |
| 12. | Law and Jurisdiction |
| 12.1 | This Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of California. |
| 12.2 | Any dispute, controversy, proceedings or claim between the Parties relating to this Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of the of California. |
Page 6 of 12
| SIGNED for and on behalf of the Data Controller by: | |
| MyFiziq CEO, Vlado Bosanac | |
| /s/ Vlado Bosanac | |
| Authorised Signature | |
| Date: September 22 nd, 2020 | |
| SIGNED for and on behalf of the Data Processor by: | |
| NuraLogix CEO, Marzio Pozzuoli | |
| /s/ Marzio Pozzuoli | |
| Authorised Signature | |
| Date: September 22 nd, 2020 |
Page 7 of 12
SCHEDULE 1
The Services
The provision, maintenance and improvement of the DeepAffex service, a cloud-based affective intelligence platform that utilizes innovative facial blood-flow imaging technology to detect, measure, analyze and access human physiology and psychological affects. The DeepAffex service is made of components including:
| ● | “DeepAffex Dashboard” (NuraLogix’s web portal used by the Processor for tasks such as Licensee Account configuration, viewing end user data, and billing). |
| ● | “DeepAffex Platform SDK” (the Desktop SDK and/or the Mobile SDK). |
| ● | “DeepAffex SaaS Engine” (NuraLogix’s cloud-based software-as-a-service affective intelligence engine that applies advanced signal processing and deep learning artificial intelligence models to predict physiological and psychological affects and stores end user data). |
| ● | “Desktop SDK” (the APIs and software development tools for the Windows, Mac and Linux platforms made available by NuraLogix for the purpose of accelerating the integration of a desktop application with the APIs and the DeepAffex SaaS engine.) |
| ● | “Mobile SDK” (the software development tools for the iOS and Android mobile platforms made available by NuraLogix for the purpose of accelerating the integration of a mobile application with the APIs and the DeepAffex SaaS Engine. The Mobile SDK also includes the measurement capabilities from NuraLogix’s Anura mobile application (including calibration, constraints, and interface) as well as a functional sample application.) |
Page 8 of 12
SCHEDULE 2
Personal Data
| Types of Personal Data | Email address, Name, Phone/Cell number, Photos, Facial Blood Flow data (FBF), measured biometric results e.g. Height, Weight, Age, Heart rate, Breathing rate, Blood pressure, Heart Rate Variability (HRV), Cardiac Workload (CW), Stress Index (MSI), Body Mass Index (BMI), Cardiovascular Disease Risk (CVD risk), Heart Attack Risk (HA risk), Stroke Risk (STK risk), computed results (e.g. General Wellness Score), IPs, usage data, device identification data. | |
| Category of Data Subjects | Users (consumers) of MyFiziq’s products and services which incorporate NuraLogix’s DeepAffex SaaS Engine. | |
| Nature of Processing | Using facial blood-flow imaging technology to detect, measure, analyze and access human physiology and psychological affects | |
| Purpose of Processing | To incorporate physiological and psychological calculations and inferences generated about users in the MyFiziq products and services which incorporate NuraLogix’s DeepAffex SaaS Engine. |
Page 9 of 12
SCHEDULE 3
Security Measures
| 1. | The Data Processor shall ensure that, in respect of all Personal Data it receives from or processes on behalf of the Data Controller, it maintains security measures to a standard appropriate to: |
| 1.1 | the harm that might result from unlawful or unauthorised processing or accidental loss, damage, or destruction of the Personal Data; and |
| 1.2 | the nature of the Personal Data. |
| 2. | In particular, the Data Processor shall: |
| 2.1 | have in place, and comply with, a security policy which: |
| 2.1.1 | defines security needs based on a risk assessment; |
| 2.1.2 | allocates responsibility for implementing the policy to a specific individual or personnel; |
| 2.1.3 | is disseminated to all relevant staff; and |
| 2.1.4 | provides a mechanism for feedback and review. |
| 2.2 | ensure that appropriate security safeguards and anti-malware protection are in place to protect the hardware and software which is used in processing the Personal Data in accordance with best industry practice; |
| 2.3 | ensure that the effectiveness of all measures detailed in this Agreement and in any specific security policy are regularly tested, assessed, and evaluated; |
| 2.4 | prevent unauthorised access to the Personal Data; |
| 2.5 | protect the Personal Data using pseudonymisation, where it is practical to do so; |
| 2.6 | implement such measures as are necessary to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services used to process Personal Data; |
| 2.7 | ensure that its storage of Personal Data conforms with best industry practice such that the media on which Personal Data is recorded (including paper records and records stored electronically) are stored in secure locations and access by personnel to Personal Data is strictly monitored and controlled; |
| 2.8 | have secure methods in place for the transfer of Personal Data whether in physical form (for example, by using couriers rather than post) or electronic form (for example, by using encryption); |
| 2.9 | encrypting all Personal Data at rest and in transit using industry standard encryption ciphers; |
| 2.10 | utilising multi-factor authentication on all computers and other devices on which Personal Data is stored; |
| 2.11 | take reasonable steps to ensure the reliability of personnel who have access to the Personal Data; |
Page 10 of 12
| 2.12 | have in place methods for detecting and dealing with breaches of security (including loss, damage, or destruction of Personal Data) including, but not limited to: |
| 2.12.1 | the ability to identify which individuals have worked with specific Personal Data; |
| 2.12.2 | having a proper procedure in place for investigating and remedying personal data breaches and breaches of the Data Protection Legislation; and |
| 2.12.3 | notifying the Data Controller as soon as any such breach occurs. |
| 2.13 | have a secure procedure for backing up all Personal Data, whether stored electronically or otherwise, enabling Personal Data to be restored in a timely fashion, and storing back-ups separately from originals; |
| 2.14 | have a secure method of disposal of unwanted Personal Data including for back-ups, disks, print-outs, and redundant equipment; and |
| 2.15 | adopt such organisational, operational, and technological processes and procedures as are required to comply with the requirements of ISO/IEC 27001:2013, as appropriate to the Services provided to the Data Controller. |
Page 11 of 12
SCHEDULE 4
Authorised Sub-Processors
| ● | Amazon Web Services (AWS) – provided the NuraLogix AWS hosting is located in Canada or the European Economic Area. |
Page 12 of 12
Reference:
Security Exchange Commission - Edgar Database, EX-10.20 23 ea146219ex10-20_advanced.htm DATA PROCESSING AGREEMENT BY AND BETWEEN NURALOGIX CORPORATION AND MYFIZIQ LIMITED DATED, SEPTEMBER 22, 2020, Viewed March 11, 2023, View Source on SEC.
Who Helps With Personal Data Processing Agreements?
Lawyers with backgrounds working on personal data processing agreements work with clients to help. Do you need help with a personal data processing agreement?
Post a project in ContractsCounsel's marketplace to get free bids from lawyers to draft, review, or negotiate personal data processing agreements. All lawyers are vetted by our team and peer reviewed by our customers for you to explore before hiring.
See Real Data Processing Agreement Projects
New York Data Processing Agreement for PR firm Drafting
- New York
- 3 lawyer bids
- $800 - $1,200
Delaware Contract Review for Data License Agreement Review
- Delaware
- 3 lawyer bids
- $600 - $900
California Data Processing Agreement Review Review
- California
- 11 lawyer bids
- $100 - $5,500
See all Data Processing Agreement projects
ContractsCounsel is not a law firm, and this post should not be considered and does not contain legal advice. To ensure the information and advice in this post are correct, sufficient, and appropriate for your situation, please consult a licensed attorney. Also, using or accessing ContractsCounsel's site does not create an attorney-client relationship between you and ContractsCounsel.
Need help with a Personal Data Processing Agreement?
Meet some of our Personal Data Processing Agreement Lawyers
Kenneth G.
Kenneth E. Gray, Jr. is a business and tax attorney who advises entrepreneurs, investors, and closely held companies on transactions, tax planning, disputes, and long-term wealth structuring. He focuses on helping clients make legally sound decisions that also make business sense. Ken’s practice includes business formation and restructuring, mergers and acquisitions, private investments and fundraising transactions, contract drafting and negotiation, and cross-border matters. He also maintains a significant tax practice, advising on federal and state structuring, specialty filings (including partnership, corporate, and non-resident matters), and representing clients in disputes before the U.S. Tax Court and other federal and state tribunals. In addition to his transactional work, Ken handles commercial and business litigation, including tax controversies, financial disputes, and partnership matters. His litigation experience informs how he structures deals and governance documents, with an eye toward preventing disputes before they arise. Ken also advises individuals and families on estate planning, trust formation, tax-efficient wealth transfer strategies, and probate administration, including planning involving closely held businesses and foreign assets. Before practicing law, Ken worked in banking and private equity, including managing a $5 billion emerging markets fund-of-funds portfolio at the U.S. Overseas Private Investment Corporation (OPIC) and serving in equity research at ABN AMRO. That financial background allows him to understand transactions from both the legal and capital perspective. He holds a J.D. from Georgetown University Law Center and an MBA from Yale University. He practices before the U.S. Tax Court, various state courts, and other federal courts.
"It is not easy to find a lawyer that knows Offshore Asset Protection Trusts, which own a foreign LLC, which owns a USA LLC. Fines could reach $100K if the tax forms are incorrect, or not filed. He was able to review my draft returns and provide memos with required changes (many, many changes), after 1 follow-up everything was basically done other than a few tiny edits. I really appreciated how he worked me in, right in the busiest time of tax season, to ensure there were no errors. Would definitely hire again."
Tim E.
Tim advises small businesses, entrepreneurs, and start-ups on a wide range of legal matters. He has experience with company formation and restructuring, capital and equity planning, tax planning and tax controversy, contract drafting, and employment law issues. His clients range from side gig sole proprietors to companies recognized by Inc. magazine.
"Tim was excellent! I gave him project details (liability waiver and rental agreement) and what I needed and he produced the day he said he would with ZERO revisions needed. Highly recommend."
Jason H.
Jason has been providing legal insight and business expertise since 2001. He is admitted to both the Virginia Bar and the Texas State Bar, and also proud of his membership to the Fellowship of Ministers and Churches. Having served many people, companies and organizations with legal and business needs, his peers and clients know him to be a high-performing and skilled attorney who genuinely cares about his clients. In addition to being a trusted legal advisor, he is a keen business advisor for executive leadership and senior leadership teams on corporate legal and regulatory matters. His personal mission is to take a genuine interest in his clients, and serve as a primary resource to them.
"Wonderful attorney! He was extremely professional, answered all of my questions and was patient with my complicated legal situation. Don’t hesitate to hire him."
Kimbrelly K.
Attorney Kegler has been licensed to practice law in the State of North Carolina since 1998. Over the years, she has worked in firms that focused on small business financing, initial startup formation, to starting several businesses of her own with bootstrap financing to venture capital funding. As a Certified Dream Manager, she couples the skills of listening to understand the big picture to get to solutions that not only fit today's needs but also the long term needs of her entrepreneurial clients.
"Exposed a number of necessities which I had totally overlooked trying to start things on my own. She was straight-forward about what needed done, offered a thorough plan of action to get us to where we needed to be, and maintained an optimistic, caring, and friendly atmosphere through the project. I would highly recommend her services to anyone looking to start a business!"
Christina S.
I am an attorney who has been practicing for over a decade, experienced in multiple areas of law, both from a litigation and more procedural side. The great thing about my practice is that it has trained me to deal with so many different types of problems and to find solutions in a variety of legal scenarios that are almost never similar.
"Christina was prompt and friendly and walked me through the steps I needed to take to file for my name change! She made the process much less intimidating and I highly recommend her services."
Karl D. S.
Karl D. Shehu, has a multidisciplinary practice encompassing small business law, estate and legacy planning, real estate law, and litigation. Attorney Shehu has assisted families, physicians, professionals, and people of faith provide for their loved ones by crafting individualized estate and legacy plans. Protecting families and safeguarding families is his passion. Attorney Shehu routinely represents lenders, buyers, sellers, and businesses in real estate transactions, researching and resolving title defects, escrowing funds, and drafting lending documents. To date, Attorney Shehu has closed a real estate deal in every town in Connecticut. As a litigator, Attorney Shehu has proven willing to engage in contentious court battles to obtain results for his clients. While practicing at DLA Piper, LLP, in Boston, Attorney Shehu represented the world’s largest pharmaceutical companies in multidistrict litigations filed throughout the United States. He has been a passionate advocate for immigrants and the seriously injured, frequently advising against lowball settlement offers. He is willing to try every case to verdict, and he meticulously prepares every case for trial. Attorney Shehu began his legal career as a consumer lawyer, utilizing fee-shifting statutes to force unscrupulous businesses to pay the legal fees of aggrieved consumers. For example, in Access Therapies v. Mendoza, 1:13-cv-01317 (S.D. Ind. 2014), Attorney Shehu utilized unique interpretations of the Trafficking Victims Protection Act, Truth-in-Lending Act, and Racketeer Influenced and Corrupt Organizations Act (RICO) to obtain a favorable result for his immigrant client. Attorney Shehu is a Waterbury, Connecticut native. He attended Our Lady of Mount Carmel grammar school, The Loomis Chaffee School, and Chase Collegiate School before earning degrees from Boston College, the University of Oxford’s Said Business School in England, and Pepperdine University School of Law. At Oxford, Karl was voted president of his class. Outside of his law practice, Attorney Shehu has worked to improve the world around him by participating in numerous charitable endeavors. He is a former candidate for the Connecticut Senate and a parishioner of St. Patrick Parish and Oratory in Waterbury. In addition, Attorney Shehu has written extensively on the Twenty-fifth Amendment and law firm retention by multinational firms.
November 3, 2022
Myron M.
For over 20 years Myron E. Mims Esq. has provided legal and consulting services to small and medium sized businesses. Mims served as regional counsel for a real estate investment and development firm where he managed the Company’s contract execution and management, and dispute resolution affairs. Mims was responsible for oversight and risk management of all legal affairs, including management of a robust litigation docket consisting of a seven figure, multi-party construction lawsuit, and multiple vendor and tenant disputes. Mims prepared new contract docs and implemented execution and management processes that lead to the reduction of litigation. As a managing partner of Nixon Mims, LLP Mims provided legal and consulting services to clients of that consisted of real estate, construction, telecommunications, media and food industry businesses. Mims routinely assisted clients with developing corporate governance and management protocols, strategic planning initiatives, and advised clients in the negotiation and execution of complex business transactions. Mims routinely provided operational oversight and technical analysis for management. During this period Mims obtained firsthand experience of the access to capital impediments and challenges that growth-stage businesses face.
Find the best lawyer for your project
Browse Lawyers NowLawyer Reviews for Personal Data Processing Agreement Projects
Contract Review for Data License Agreement
"Orly is very professional & great to work with, answered questions quickly with required details & finished the job ahead of time."
ContractsCounsel User
Data Processing Addendum
"Rhea is an excellent corporate lawyer, very knowledgeable and experience in the data privacy and DPA, among other corporate related areas."
ContractsCounsel User
Quick, user friendly and one of the better ways I've come across to get ahold of lawyers willing to take new clients.
View Trustpilot ReviewNeed help with a Personal Data Processing Agreement?
Technology lawyers by top cities
- Austin Technology Lawyers
- Boston Technology Lawyers
- Chicago Technology Lawyers
- Dallas Technology Lawyers
- Denver Technology Lawyers
- Houston Technology Lawyers
- Los Angeles Technology Lawyers
- New York Technology Lawyers
- Phoenix Technology Lawyers
- San Diego Technology Lawyers
- Tampa Technology Lawyers
Personal Data Processing Agreement lawyers by city
- Austin Personal Data Processing Agreement Lawyers
- Boston Personal Data Processing Agreement Lawyers
- Chicago Personal Data Processing Agreement Lawyers
- Dallas Personal Data Processing Agreement Lawyers
- Denver Personal Data Processing Agreement Lawyers
- Houston Personal Data Processing Agreement Lawyers
- Los Angeles Personal Data Processing Agreement Lawyers
- New York Personal Data Processing Agreement Lawyers
- Phoenix Personal Data Processing Agreement Lawyers
- San Diego Personal Data Processing Agreement Lawyers
- Tampa Personal Data Processing Agreement Lawyers
ContractsCounsel User
Data Protection Agreement
Location: California
Turnaround: A week
Service: Drafting
Doc Type: Data Processing Agreement
Number of Bids: 5
Bid Range: $995 - $3,999
ContractsCounsel User