SolidCo Pty Ltd
ABN 41 680 244 446

Data Processing Addendum (DPA)

Version 1.0

1. Introduction

This Data Processing Addendum (“DPA”) forms part of the agreement between SolidCo Pty Ltd (“SolidCo”, “we”, “our” or “us”) and the client (“you” or the “Client”) for the provision of services (the “Agreement”). It applies to the extent that SolidCo processes personal data on behalf of the Client and is intended to reflect the parties’ obligations under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) and the Australian Privacy Act 1988 (Cth).

Where there is any conflict between this DPA and the Agreement in relation to the processing of personal data, this DPA prevails.

2. Definitions

Terms such as “personal data”, “processing”, “controller”, “processor”, “data subject” and “supervisory authority” have the meanings given to them under applicable data protection laws. “Subprocessor” means any third party engaged by SolidCo to process personal data on behalf of the Client.

3. Roles of the Parties

For personal data processed under the Agreement, the Client is the controller (or a processor acting on behalf of a controller) and SolidCo is the processor (or subprocessor). Each party is responsible for complying with its own obligations under applicable data protection laws.

4. Details of Processing

  • Subject matter: the provision of the services described in the Agreement.
  • Duration: the term of the Agreement, plus any period required for return or deletion of data.
  • Nature and purpose: hosting, development, maintenance, support and related processing necessary to deliver the services.
  • Types of personal data: as determined by the Client, which may include contact details, account details, content and usage data.
  • Categories of data subjects: as determined by the Client, which may include the Client’s customers, users, staff and contacts.

5. SolidCo’s Obligations

SolidCo will:

  • process personal data only on documented instructions from the Client, unless required to do otherwise by law;
  • ensure that personnel authorised to process personal data are subject to appropriate confidentiality obligations;
  • implement appropriate technical and organisational measures to protect personal data, as described in our Information Security Statement;
  • assist the Client, taking into account the nature of the processing, in responding to requests from data subjects and in meeting the Client’s obligations relating to security, breach notification and data protection impact assessments;
  • make available information reasonably necessary to demonstrate compliance with this DPA; and
  • at the Client’s choice, delete or return personal data at the end of the services, unless retention is required by law.

6. Subprocessors

The Client provides general authorisation for SolidCo to engage subprocessors to process personal data. SolidCo maintains a current list of subprocessors in its Subprocessor Policy and imposes data protection obligations on subprocessors that are no less protective than those set out in this DPA. Where required by contract or law, SolidCo will notify the Client of intended changes to subprocessors that materially affect the processing of the Client’s personal data.

7. International Data Transfers

Where personal data is transferred outside Australia, the United Kingdom or the European Economic Area, SolidCo will ensure that an appropriate transfer mechanism is in place, which may include the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum or Agreement, adequacy decisions, or other lawful safeguards recognised under applicable privacy laws.

8. Security

SolidCo maintains appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. Further detail is set out in our Information Security Statement.

9. Personal Data Breaches

SolidCo will notify the Client without undue delay after becoming aware of a personal data breach affecting the Client’s personal data, and will provide reasonable information and assistance to help the Client meet its own breach notification obligations. Our internal procedures are described in our Compliance & Data page.

10. Data Subject Rights

Taking into account the nature of the processing, SolidCo will assist the Client by appropriate technical and organisational measures, insofar as possible, to respond to requests by data subjects to exercise their rights under applicable data protection laws.

11. Return or Deletion of Data

On termination or expiry of the services, SolidCo will, at the Client’s choice, delete or return the personal data processed on the Client’s behalf, and delete existing copies unless retention is required by applicable law.

12. General

This DPA is governed by the same law as the Agreement. If any provision of this DPA is found to be unenforceable, the remaining provisions will continue in effect.

13. Contact

Privacy Officer
SolidCo Pty Ltd
ABN 41 680 244 446

Contact Us Contact Us


Related Documents