Data Processing Agreement (DPA)

Last Updated:

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Academy Tradenganaga ("Processor") and the user/client ("Controller") and applies where the Processor processes Personal Data on behalf of the Controller in the provision of the Services.

This DPA reflects the parties’ agreement with regard to the processing of Personal Data in accordance with the requirements of Data Protection Laws applicable to the Processor (e.g., Australia's Privacy Act 1988).

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Data Protection Laws" means all applicable laws relating to data protection and privacy.
• "Processing" means any operation performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
• "Controller" means the entity which determines the purposes and means of the Processing of Personal Data (typically the user/client).
• "Processor" means the entity which Processes Personal Data on behalf of the Controller (Academy Tradenganaga).

3. Processing of Personal Data

The Processor shall only process Personal Data on behalf of and in accordance with the Controller's documented instructions for the following purposes: (i) Processing in accordance with the Terms of Service and this DPA; (ii) Processing initiated by users in their use of the Services; and (iii) Processing to comply with other reasonable instructions provided by the Controller where such instructions are consistent with the terms of the Agreement.

The subject matter, duration, nature, and purpose of the processing, as well as the types of Personal Data and categories of data subjects, are described in our Privacy Policy.

4. Confidentiality and Security

The Processor shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data and are subject to obligations of confidentiality.

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the Processing of Personal Data, as detailed in our Privacy Policy.

5. Sub-processors

The Controller acknowledges and agrees that the Processor may engage third-party Sub-processors in connection with the provision of the Services. The Processor shall ensure that any Sub-processor is subject to data protection obligations comparable to those set out in this DPA.