Data Processing Agreement

Version: Template v0.1 · Last updated: May 27, 2026

⚠️ TEMPLATE / SKELETON — [LAWYER REVIEW REQUIRED]. This is a starting outline only. The executed DPA, Standard Contractual Clauses (SCCs), UK Addendum, and Annexes I–III must be drafted and approved by counsel. Do not present as final to a customer.

This Data Processing Agreement (“DPA”) forms part of the agreement between the customer (“Controller”) and DevelopingRiches Inc. (“Processor”) for the ReputationEmpirez Services, and applies where Processor processes Personal Data on Controller’s behalf under the GDPR, UK GDPR, and/or the CCPA (as a “service provider”).

1. Definitions

“Personal Data,” “Processing,” “Controller,” “Processor,” “Data Subject,” and “Supervisory Authority” have the meanings in the GDPR. “CCPA” means the California Consumer Privacy Act as amended.

2. Roles & scope

Controller determines the purposes and means of Processing of Customer Content; Processor processes Personal Data only on documented instructions from Controller and as described in Annex I (subject matter, duration, nature/purpose, data categories, data-subject categories).

3. Processor obligations

Process only on Controller’s documented instructions;
Ensure personnel are bound by confidentiality;
Implement appropriate technical and organizational security measures (Annex II);
Assist Controller with data-subject requests and with DPIAs and breach obligations;
Notify Controller without undue delay after becoming aware of a Personal Data breach;
Delete or return Personal Data at the end of the Services, subject to legal retention.

4. Sub-processors

Controller authorizes Processor to engage the sub-processors listed at the Subprocessor List. Processor imposes equivalent data-protection obligations and remains responsible for their performance, and will give notice of intended changes with a right to object.

5. International transfers

Where Processing involves transfers from the EEA/UK/Switzerland to a country without an adequacy decision, the parties incorporate the EU Standard Contractual Clauses and the UK International Data Transfer Addendum (Annex III). [LAWYER REVIEW REQUIRED: select SCC modules, complete clauses, and attach.]

6. CCPA service-provider terms

Processor is a “service provider.” Processor will not (a) sell or share Personal Data; (b) retain, use, or disclose it except to perform the Services or as permitted by the CCPA; or (c) combine it with data from other sources except as permitted. Processor certifies it understands and will comply with these restrictions.

7. Audits, liability, term

Processor will make available information necessary to demonstrate compliance and allow for audits subject to reasonable conditions. Liability is governed by the Terms of Service. This DPA continues for the duration of Processing.

Annexes

Annex I — Processing details (subject matter, duration, data categories). [complete]
Annex II — Technical & organizational security measures. [complete]
Annex III — SCCs + UK Addendum. [attach]

To request a signed DPA, contact privacy@reputationempirez.com.

← Back to home