LEGAL
Delete Me Data Processing Agreement (DPA)
Flagship Inc. (hereinafter referred to as "the Company") applies the provisions of this "Data Processing Agreement" (hereinafter referred to as "this Agreement") when processing personal data subject to GDPR or other applicable regulations based on the customer's instructions or selections in connection with the services provided by the Company (hereinafter referred to as "the Service").
Article 1: Definitions
The following terms used in this Agreement shall have the meanings set forth below:
-
"Data Controller": The entity that determines the purposes and means of processing personal data.
-
"Data Processor": The entity that processes personal data on behalf of the Data Controller.
-
"Personal Data": Any information relating to an identified or identifiable natural person.
-
"Data Subject": A natural person who has rights concerning their personal data.
Article 2: Purpose of the Agreement
This Agreement sets forth the conditions under which the Data Controller entrusts the Data Processor with the processing of personal data, ensuring compliance with the General Data Protection Regulation (GDPR).
Article 3: Instructions for Data Processing
The Data Processor shall process personal data only in accordance with explicit instructions from the Data Controller and for the designated purposes. The Data Processor shall specify the purpose of processing, type of data, category of data subjects, processing methods, and processing period.
Article 4: Use of Sub-processors
The Data Processor shall obtain prior written consent from the Data Controller before engaging any sub-processors. When using sub-processors, the Data Processor shall impose equivalent data protection obligations on them.
Article 5: Security Measures
The Data Processor shall implement appropriate technical and organizational security measures to protect personal data. These measures include data encryption, access control, and data breach prevention.
Article 6: Exercise of Data Subject Rights
The Data Processor shall assist in facilitating the exercise of Data Subjects' rights, such as the right to access, rectify, or delete their data. The necessary procedures shall be coordinated with the Data Controller.
Article 7: Data Handling After Contract Termination
Upon termination of this Agreement, the Data Processor shall return all personal data to the Data Controller or securely delete it.
Article 8: Force Majeure
The Company shall not be liable for damages if it is unable to fulfill or delays fulfilling its obligations under this Agreement due to force majeure events such as natural disasters, strikes, riots, wars, epidemics, or other uncontrollable circumstances.
Article 9: Third-Party Requests
If disclosure of personal data is required by a court order, administrative decision, or other legal obligation, the Data Processor shall comply with such requests based on the Data Controller’s instructions, except where prohibited by applicable laws.
Annex:
Categories of Personal Data Processed
-
Name
-
Email address
-
Shipping address
-
Billing address
-
Personal (shipping) phone number
-
Personal (billing) phone number
-
Other
Sensitive Data Processed and Applicable Restrictions or Safeguards
If the Data Controller processes sensitive data through the Service, the Data Processor shall handle such data in the same manner as other personal data while taking appropriate precautions considering the nature and risks involved.
Purpose of Processing Personal Data for the Data Controller
-
Provision and improvement of the Service
-
System optimization
-
Data protection
-
Customer privacy
Processing Period
-
During the validity period of the Service contract