BETA

Data Processing Agreement


This Data Processing Agreement ("DPA") is a vital part of the Agreement between Aktura Technology Pty Ltd trading as Learnctor ("the Processor") and the Customer ("the Controller").

Definitions and Interpretation

To make this Agreement clear, we provide the following definitions:

Data Protection Legislation: Refers to all applicable data protection laws, including GDPR and related national implementing laws, regulations, and secondary legislation.

Data Subject: An individual who is the subject of Personal Data.

GDPR: General Data Protection Regulation ((EU) 2016/679).

Personal Data: Refers to any information related to an identified or identifiable natural person that we process as part of providing our services under the Services Agreement.

Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data.

Processing Purposes

1.      It is essential to acknowledge that the Controller is the controller, and the Processor is the processor. The Controller retains control of the Personal Data and remains responsible for compliance obligations under Data Protection Legislation.

Processor's Obligations

As the Processor, we have the following obligations:

1.      Implement appropriate technical and organizational measures to meet Data Protection Legislation requirements and protect Data Subject rights.

2.      Process Personal Data only as instructed by the Controller, unless required by law.

3.      Ensure confidentiality of authorized personnel processing Personal Data.

4.      Employ security measures to safeguard Personal Data.

5.      Assist the Controller with Data Subject rights requests and compliance with data breach obligations.

6.      Delete or return Personal Data after the Services Agreement termination.

7.      Provide information for compliance audits and assessments.

Subprocessing

1.      We may engage Sub-processors to process Customer Data on the Controller's behalf. The Sub-processors authorized by the Controller are listed in Schedule 1.

Security

1.      We implement appropriate technical and organizational measures to ensure data security, taking into account the nature and scope of processing and risks to data subjects' rights and freedoms.

Responses to Data Subjects

1.      We will assist the Controller in fulfilling Data Subjects' rights, including access, rectification, erasure, and data portability requests. Any complaints or Subject Access Requests will be notified promptly to the Controller for appropriate actions.

Personal Data Breach

1.      In case of Personal Data Loss or breach, we will notify the Controller without delay and mitigate the impact of such incidents. The Processor shall not disclose Personal Data to third parties without the Controller's written request or as required by law.

Term and Termination

1.      This Agreement continues as long as the Processor processes Personal Data related to the Services Agreement. A breach of this Agreement may lead to termination by the Controller.

2.      Data Return and Destruction

3.      Upon request, the Processor will provide the Controller with a copy of or access to the Personal Data. On termination, the Processor will follow the Controller's instructions regarding data deletion, destruction, return, or retention.

Audit

1.      The Controller may conduct audits to ensure compliance with this Agreement, and the Processor will assist and cooperate with such audits.

2.      We value the security and privacy of your data. If you have any questions or concerns regarding our Data Processing Agreement, feel free to contact us.