Data Processing Agreement
Defines processing terms where Customers act as Controllers and Capantra acts as a Processor under GDPR and similar laws.
On this page (tap to expand)
Procurement summary (tap to expand)
Processor terms suitable for EU GDPR procurement and enterprise contracts; clarifies roles, security, subprocessors, and breach obligations.
- Customer is Controller; Capantra is Processor
- Subprocessor controls and contractual flow-downs
- Breach notification and assistance with requests
- Process data only on documented instructions
- Maintain appropriate security controls
1. Roles
For Customer Personal Data processed via the Services: Customer is the Controller (or Business), and Capantra is the Processor (or Service Provider) as applicable.
2. Scope of Processing
Capantra processes personal data solely to provide, secure, and support the Services, and in accordance with Customer’s documented instructions (including as set out in the agreement and these policies).
3. Security Measures
Capantra maintains administrative, technical, and organisational safeguards appropriate to the risk, including access control, encryption, logging, and monitoring.
4. Subprocessors
Capantra may use subprocessors to deliver components of the Services. Subprocessors are bound by written agreements imposing data protection obligations no less protective than those in this DPA.
5. Breach Notification
Capantra will notify Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and will provide reasonable information to support Customer’s response obligations.
6. Data Subject Requests
Capantra will reasonably assist Customers with requests from data subjects (e.g., access, deletion, portability) where required by law and as technically feasible.
Versioning & change log
Current version: v0.2
- Added enterprise procurement summary section
- Added change log and versioning
- Clarified AU/US/EU scope and responsibilities
- Initial policy draft published
Policies may be updated for regulatory, security, or product reasons. Material changes will be communicated where required.
This policy is provided for transparency and does not constitute legal advice.
1. Roles
For Customer Personal Data processed via the Services: Customer is the Controller (or Business), and Capantra is the Processor (or Service Provider) as applicable.
2. Scope of Processing
Capantra processes personal data solely to provide, secure, and support the Services, and in accordance with Customer’s documented instructions (including as set out in the agreement and these policies).
3. Security Measures
Capantra maintains administrative, technical, and organisational safeguards appropriate to the risk, including access control, encryption, logging, and monitoring.
4. Subprocessors
Capantra may use subprocessors to deliver components of the Services. Subprocessors are bound by written agreements imposing data protection obligations no less protective than those in this DPA.
5. Breach Notification
Capantra will notify Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and will provide reasonable information to support Customer’s response obligations.
6. Data Subject Requests
Capantra will reasonably assist Customers with requests from data subjects (e.g., access, deletion, portability) where required by law and as technically feasible.
Versioning & change log
Current version: v0.2
- Added enterprise procurement summary section
- Added change log and versioning
- Clarified AU/US/EU scope and responsibilities
- Initial policy draft published
Policies may be updated for regulatory, security, or product reasons. Material changes will be communicated where required.
This policy is provided for transparency and does not constitute legal advice.