tiktok���˰�

The Data Processing Addendum (DPA) is an essential legal document required whenever a company (controller) engages another party (processor) to process personal data on its behalf under Austrian jurisdiction. This document is mandatory under Article 28 of the GDPR and must comply with both EU-wide requirements and specific provisions of the Austrian Data Protection Act (DSG). The DPA supplements the main service agreement between parties and details specific obligations regarding data protection, including security measures, breach notifications, audit rights, and data subject request handling. It becomes particularly critical when processing sensitive personal data or when data transfers outside the EEA are involved. The document should be regularly reviewed and updated to ensure continued compliance with evolving data protection requirements and regulatory guidance from the Austrian Data Protection Authority.

1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses

2. Background: Context of the DPA, relationship to the main service agreement, and purpose of the addendum

3. Definitions: Definitions of key terms used in the DPA, aligned with GDPR terminology and Austrian law requirements

4. Scope and Purpose of Processing: Detailed description of the data processing activities, categories of data, and processing purposes

5. Duration of Processing: Timeframe for data processing activities and relationship to the main agreement

6. Obligations of the Processor: Processor's duties under GDPR Article 28, including processing only on documented instructions

7. Obligations of the Controller: Controller's responsibilities and obligations regarding instructions and compliance

8. Sub-processing: Conditions and requirements for engaging sub-processors, including authorization process

9. Technical and Organizational Measures: Security measures required to ensure appropriate level of data protection

10. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations

11. Personal Data Breach: Notification requirements and procedures in case of data breaches

12. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance

13. Data Return and Deletion: Obligations regarding data handling upon agreement termination

14. Liability and Indemnity: Allocation of responsibilities and liabilities between parties

15. Governing Law and Jurisdiction: Specification of Austrian law application and jurisdiction