Paying customers of the Platform can request a Data Processing Agreement to be read and signed. Non-paying users can also request a Data Processing Agreement. The agreement contains rights and obligations of both parties for when Shield processes personal information on behalf of the Data Controller. This Agreement is based on the standard published by Danish Authorities (Datatilsynet) which has been designed to ensure the Parties’ compliance with Article 28, sub-section 3 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), which sets out specific requirements for the content of data processing agreements:
that Shield shall solely be permitted to process personal data on documented instructions from the Data Controller unless processing is required under EU or Member State law to which Shield is subject.
that Shield shall ensure that persons authorized to process personal data on behalf of the Data Controller have undertaken to observe confidentiality, or is subject to a suitable statutory obligation of confidentiality.
that Shield shall take all the measures required pursuant to Article 32 of the General Data Protection Regulation
that Shield shall meet the requirements of the General Data Protection Regulation in order to engage another processor (subprocessor).
that Shield shall assist the Data Controller with appropriate technical and organisational measures, in the fulfilment of the Data Controller’s obligation
that Shield shall be under obligation, at the Data Controller’s discretion, to erase or return all the personal data to the Data Controller
that Shield is able to show documentation to the Data Controller.
You can request a pre-signed data processing agreement by sending your request to [email protected]. The DPA is not amendable.
—
The Shield team