This Data Processing Addendum ("DPA") forms part of the agreement between Individual Entrepreneur Stanislav Bogdanov (Identification Number: 345670295, Georgia, Batumi city, Alexander Griboyedovi street, N28, flat N20) ("Processor") and you ("Controller") for the use of TgPaidChannel services.
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
- "Data Subject" means the individual to whom Personal Data relates.
- "Sub-processor" means any third party engaged by the Processor to process Personal Data.
2. Roles and Responsibilities
For the purposes of this DPA:
- You act as the Data Controller for Personal Data of your channel subscribers.
- We act as the Data Processor processing Personal Data on your behalf to provide our services.
3. Processing Instructions
We will process Personal Data only in accordance with your documented instructions and as necessary to provide the services. We will not process Personal Data for any other purpose unless required by applicable law, in which case we will inform you before processing unless prohibited by law.
4. Confidentiality
We ensure that persons authorized to process Personal Data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality. Access to Personal Data is limited to personnel who need it to perform their duties.
5. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of Personal Data in transit and at rest
- Access controls and authentication mechanisms
- Regular testing and evaluation of security measures
- Measures to ensure ongoing confidentiality, integrity, and availability
- Procedures for regular backup and recovery
6. Sub-processors
We may engage Sub-processors to assist in providing the services. We will:
- Maintain a list of current Sub-processors available upon request
- Impose data protection obligations on Sub-processors equivalent to those in this DPA
- Remain liable for Sub-processor compliance with this DPA
- Notify you of any intended changes to Sub-processors, allowing you to object
7. International Transfers
If Personal Data is transferred to countries outside the European Economic Area or other regions with data transfer restrictions, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other approved transfer mechanisms.
8. Data Subject Requests
We will assist you in responding to Data Subject requests to exercise their rights (access, rectification, erasure, etc.) by implementing appropriate technical and organizational measures. We will promptly notify you of any Data Subject request we receive directly.
9. Breach Notification
In the event of a Personal Data breach, we will notify you without undue delay after becoming aware of the breach. The notification will include available information about the nature of the breach, affected data, and measures taken or proposed to address the breach.
10. Deletion and Return
Upon termination of the services or upon your request, we will delete or return all Personal Data to you, unless retention is required by applicable law. We will certify deletion upon request.
11. Audit Rights
We will make available to you information necessary to demonstrate compliance with this DPA and allow for audits and inspections by you or an auditor mandated by you, subject to reasonable notice and confidentiality obligations.
12. Contact
For questions about this DPA or to exercise any rights, please contact us at:
Email: novergeme@gmail.com