Can we have a specific and/or signed DPA?

A DPA is a Data Processing Agreement and is a required document under GDPR where a relationship exists between a Data Controller and a Data Processor.

Our DPA is included in our Privacy Policy and referenced in our Terms of Service which you agreed to when you signed up to use WriteUpp.

Our DPA covers the following points very clearly:

• Conditions for Processing
• The Kind of Information we hold
• How we will use the Information
• Implications of Failing to Provide Information
• Change of Purpose
• Disclosure of your Information
• Where we will store your data
• Third Party Processors
• Passwords & Security
• How long the Company will store personal data
• Your rights as a data subject
• Withdrawal of Consent
• Cookies
• Changes to our privacy policy
• Contact Details
• Questions & Complaints

Our policies, including the DPA, were drafted by our lawyers who specialise in data protection and privacy legislation.

We cannot enter into a client specific DPA for a number of reasons:

1. We are a global business with thousands of clients worldwide and its simply not practical for us to enter into specific agreements with individual organisations. In light of this our legal advisors have drafted policies that can be executed with all of our clients regardless of location.

2. GDPR is EU-wide legislation and as such it is applied equally and consistently in the EU/EEA. Our policies have been drafted by our lawyers in the full knowledge that we operate globally, including in the EU/EEA. To the best of our knowledge (and our legal team) there are no country specific variations to GDPR that require alternate arrangements.

3. Agreement to our policies is given when you sign up to use WriteUpp. This is clearly stated in our Terms of Service and under GDPR/DPA2018 there is no requirement for any form of separate agreement and/or wet ink signature.

Updated on: 07/11/2022