Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Next »

This Data Processing Agreement ("Agreement") forms part of the Contract for Services ("Principal Agreement") between

Company (Data Controller):
Atlassian Marketplace Customers (the “Company”)

and

Data Processor:
Maksym Babenko (Sole Proprietor Babenko Maksym Anatoliyovych)
Ukraine
Developer of Risk Radar (the “Data Processor”)

(Together, "the Parties")

WHEREAS

(A) The Company acts as a Data Controller.
(B) The Company wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
(C) The Parties seek to implement a data processing agreement that complies with the Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws.
(D) The Parties wish to lay down their rights and obligations regarding data processing.

1. Definitions and Interpretation

1.1 Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meanings:

  • "Company Personal Data" – any Personal Data processed by the Data Processor on behalf of the Company.

  • "Data Protection Laws" – GDPR and any applicable data protection laws.

  • "EEA" – European Economic Area.

  • "GDPR" – EU General Data Protection Regulation 2016/679.

  • "Data Transfer" – transfer of Company Personal Data outside the EEA, subject to GDPR restrictions.

  • "Services" – the Risk Radar application services provided by the Data Processor.

  • "Subprocessor" – any party appointed by the Processor to process Personal Data on behalf of the Company.

2. Processing of Company Personal Data

2.1 Processor’s Obligations:

  • Processor shall comply with all applicable Data Protection Laws in the Processing of Company Personal Data.

  • Processor shall process Company Personal Data only in accordance with the Company's documented instructions.

2.2 Company’s Instructions:

  • The Company instructs Processor to process Company Personal Data only as necessary for the operation of the Risk Radar application.

3. Processor Personnel

Processor shall ensure that any employees or contractors processing Company Personal Data:

  • Have limited access to the data only as necessary.

  • Are bound by confidentiality obligations.

4. Security Measures

4.1 The Processor shall implement appropriate technical and organizational measures to ensure the security of Company Personal Data, including:

  • Data encryption.

  • Secure access controls.

  • Monitoring for unauthorized access.

4.2 In case of a Personal Data Breach, Processor shall notify the Company without undue delay and assist in mitigation.

5. Subprocessing

Processor shall not appoint or disclose any Company Personal Data to any Subprocessor without prior written authorization from the Company.

6. Data Subject Rights

6.1 Processor shall assist the Company in responding to Data Subject rights requests, including:

  • Access, correction, deletion, or restriction of data processing.

  • Providing requested data in a portable format.

6.2 If the Processor receives a Data Subject request, it shall:

  • Notify the Company immediately.

  • Not respond unless instructed by the Company.

7. Personal Data Breach

7.1 Processor shall notify the Company without undue delay of any Personal Data Breach, including:

  • Description of the breach.

  • Possible consequences.

  • Measures taken to mitigate the breach.

7.2 Processor shall assist in investigating and mitigating the breach.

8. Data Protection Impact Assessment

Processor shall assist the Company in any Data Protection Impact Assessment (DPIA) if required under Article 35 or 36 of the GDPR.

9. Data Retention and Deletion

9.1 Upon termination of services, Processor shall:

  • Delete all Company Personal Data within 10 business days.

  • Provide a written certification of deletion.

10. Audit Rights

10.1 Processor shall provide the Company with information necessary to demonstrate compliance with this Agreement.

10.2 The Company may audit the Processor’s compliance with this Agreement.

11. Data Transfers

11.1 Processor shall not transfer Company Personal Data outside the EEA without prior written consent from the Company.

11.2 If necessary, the Parties shall use EU Standard Contractual Clauses (SCCs) to protect transferred data.

12. Confidentiality & Notices

12.1 Each Party shall keep this Agreement confidential.

12.2 All communications must be in writing and sent to the addresses provided by the Parties.

13. Governing Law and Jurisdiction

13.1 This Agreement is governed by the laws of Ukraine.

13.2 Any disputes will be submitted to the exclusive jurisdiction of the courts of Ukraine.

IN WITNESS WHEREOF

This Agreement is entered into with effect from the date first set out below.

Company (Atlassian Marketplace Customer)
Signature: ___________________________
Name: _____________________________
Title: ______________________________
Date: ______________________________

Processor (Maksym Babenko, Developer of Risk Radar)
Signature: ___________________________
Name: Maksym Babenko
Title: Individual Entrepreneur (Sole Proprietor Babenko Maksym Anatoliyovych)
Date: ______________________________

  • No labels