Personal Data Processing and Information Security Agreement
This Personal Data Processing and Information Security Agreement (“Agreement”) is entered into by and between:
- WHITE WALL TECNOLOGIA LTDA, hereinafter referred to as (“Processor”); and
- The entity or individual contracting services provided by WHITE WALL TECNOLOGIA LTDA, hereinafter referred to as (“Controller”).
1. Definitions
- Personal Data: Information relating to an identified or identifiable natural person. For purposes of this Agreement, personal data may include but is not limited to email addresses and usage data.
- Processing: Any operation or set of operations performed on personal data or on sets of personal data, including collection, recording, storage, organization, consultation, use, dissemination, or otherwise making available.
2. Purpose of Data Processing
The Processor agrees to process personal data solely for the purpose of providing services as agreed with the Controller.
3. Scope and Categories of Personal Data
Processor may process the following categories of personal data provided or authorized by the Controller:
- Email address
- Usage data
4. Duration of Processing and Data Retention
Processor shall retain and process the personal data for as long as necessary to fulfill the agreed service provision. Upon termination of the services, Processor shall delete or anonymize all personal data, unless legally obligated otherwise.
5. Obligations of the Processor
The Processor agrees to:
- Process personal data strictly in accordance with the Controller’s instructions and applicable laws in Brazil, especially the Brazilian General Data Protection Law (LGPD – Lei Geral de Proteção de Dados Pessoais, Law No. 13,709/2018).
- Implement appropriate technical and organizational measures to ensure a high level of security of personal data, protecting it against unauthorized access, alteration, disclosure, or destruction.
- Maintain confidentiality and restrict access to personal data only to authorized personnel who require such access to fulfill their job functions.
6. Rights of Data Subjects
Processor shall promptly inform the Controller of any request from data subjects exercising their rights under the applicable data protection law, and shall assist the Controller in fulfilling such requests.
7. Data Breaches
In the event of a personal data breach, Processor agrees to notify Controller without undue delay and provide necessary details regarding the nature of the breach, affected data, and the measures taken to mitigate its effects.
8. Third-Party Processors
Processor shall not engage any third-party processors without the prior written approval of Controller. If approved, Processor shall ensure such third parties adhere to obligations no less stringent than those stipulated in this Agreement.
9. Audit and Compliance
Processor agrees to allow Controller, or an auditor authorized by Controller, to conduct audits or inspections to verify compliance with this Agreement upon reasonable notice.
10. Applicable Law and Jurisdiction
This Agreement shall be governed by and interpreted under the laws of Brazil. Any disputes arising out of or related to this Agreement shall be resolved in the jurisdiction of the courts of Brazil.
11. Miscellaneous
This Agreement represents the entire agreement between the parties regarding personal data processing and supersedes any previous agreements or understandings. Modifications must be made in writing and signed by both parties.
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date indicated below.