This DPA applies when Synvara processes personal data on behalf of a Customer (Controller).
1. Definitions
- Controller: Customer
- Processor: Synvara Technologies LLC
- Personal Data: As defined by GDPR
- Processing: Any operation on Personal Data
2. Scope
This DPA governs Processing under Training services where Synvara acts as a Processor.
3. Processing Details
- Subject Matter: Training platform services
- Duration: Term of service agreement
- Nature: Hosting, storage, analysis, service delivery
- Categories of Data Subjects: Users, trainees, administrators
- Data Types: Identity, usage, training records, communications
4. Processor Obligations
Synvara shall:
- Process data only on documented instructions
- Maintain confidentiality
- Implement appropriate technical and organizational measures
- Assist with data subject rights
- Notify Controller of data breaches without undue delay
- Delete or return data upon termination (unless legally required)
5. Subprocessors
Authorized subprocessors include:
- Cloud infrastructure providers
- Payment processors (Stripe)
- Security and monitoring providers
Synvara remains liable for subprocessors' compliance.
6. International Transfers
Where applicable, transfers rely on:
- Standard Contractual Clauses (SCCs)
- Equivalent lawful safeguards
7. Security Measures
Measures include:
- Encryption in transit
- Access controls
- Logging and monitoring
- Least-privilege access
8. Audits
Controller may audit compliance with reasonable notice, subject to confidentiality and security constraints.
9. Liability
Liability is subject to the main service agreement.
10. Governing Law
Kansas, United States (unless overridden by mandatory data protection law).