<- Back to legal center

TradeCheck Data Processing Addendum (Template)

Processor: TradeCheck (NZ) Limited ("Provider") Controller: [Customer legal name] ("Customer") Effective date: [Effective date]

This Data Processing Addendum (DPA) forms part of the agreement between Customer and Provider for the use of TradeCheck (the "Service"). This is a commercial template and should be reviewed by legal counsel before execution.

1. Definitions

  • Personal information: Information about an identifiable individual.
  • Customer Data: Data uploaded to or created in the Service by or for Customer.
  • Processing: Any operation performed on data, including collection, storage, transmission, access, and deletion.

2. Roles

  • Customer is the controller and determines what data is uploaded and how it is used.
  • Provider is the processor and processes Customer Data on Customer's behalf to provide the Service.

3. Processing details

Subject matter: Provision of the Service. Duration: Agreement term plus backup retention period. Nature and purpose: Hosting, rendering, securing, exporting, support, and product operations. Types of personal information: Names, emails, roles, logs, photos, documents, signatures, and data Customer submits. Categories of individuals: Customer staff, contractors, clients, and any individuals captured in Customer Data.

4. Provider obligations

Provider will:

  • process Customer Data only for documented service purposes,
  • implement reasonable technical and organisational security controls,
  • ensure confidentiality obligations for personnel with data access,
  • notify Customer without undue delay after becoming aware of a security incident affecting Customer Data,
  • provide reasonable assistance for data subject requests and privacy compliance, and
  • maintain and publish a subprocessor list.

5. Subprocessors

Customer authorises Provider to use subprocessors required to deliver the Service. Provider maintains the list in Subprocessors and will take reasonable steps to notify Customer of material changes.

6. Cross-border processing

Customer acknowledges that Customer Data may be processed outside New Zealand depending on hosting and subprocessors. Provider will take reasonable steps to ensure protections consistent with this DPA and applicable law.

7. Deletion and return

On termination of the agreement, Provider will:

  • provide a reasonable opportunity to export Customer Data, and
  • delete or de-identify Customer Data from active systems within a reasonable period, subject to legal obligations and backups.

8. Audit information

On reasonable notice, no more than once per 12-month period unless required by law or incident response, Customer may request information reasonably required to assess Provider's compliance with this DPA.

9. Liability

Liability under this DPA follows the liability terms in the main agreement unless otherwise required by law.

10. Order of precedence

If this DPA conflicts with the main agreement, this DPA controls only for processing matters covered by this DPA.