Data Processing Agreement
This Data Processing Agreement (DPA) forms part of the agreement between RapidLaunch (the Processor) and the Client (the Controller) for website development and hosting services.
1. Definitions
Personal Data: Any information relating to an identified or identifiable natural person, as defined by GDPR Art. 4(1).
Processing: Any operation performed on Personal Data, including collection, storage, use, and deletion.
Controller: The Client who determines the purposes and means of processing.
Processor: RapidLaunch, processing Personal Data on behalf of the Controller.
2. Subject Matter & Duration
The Processor will process Personal Data for the purpose of providing website development, hosting, maintenance, and related services. Processing shall continue for the duration of the service agreement.
3. Nature & Purpose of Processing
The Processor processes Personal Data to:
- Host and serve the Client's website
- Provide technical support and maintenance
- Manage client accounts and billing
- Send service-related communications
- Comply with legal obligations
4. Types of Personal Data
The Processor may process: names, email addresses, phone numbers, business information, website content, analytics data, and any other data the Controller chooses to collect through their website.
5. Processor Obligations
The Processor shall:
- Process Personal Data only on documented instructions from the Controller
- Ensure persons authorised to process have committed to confidentiality
- Implement appropriate technical and organisational security measures
- Assist the Controller in fulfilling data subject rights requests
- Assist with data protection impact assessments where required
- Delete or return all Personal Data at the Controller's choice upon termination
- Make available all information necessary to demonstrate compliance
6. Sub-Processors
The Controller authorises the use of sub-processors listed at /sub-processors. The Processor will inform the Controller of any intended changes concerning the addition or replacement of sub-processors.
7. Data Subject Rights
The Processor shall promptly notify the Controller of any data subject request and assist in responding. The Controller may submit data requests via /data-request.
8. Security Measures
The Processor implements: encryption in transit (TLS), encryption at rest, access controls, regular security updates, backup procedures, and incident response planning as described in our Breach Policy.
9. Breach Notification
The Processor shall notify the Controller without undue delay upon becoming aware of a Personal Data breach. Notification will be made within 72 hours per the breach policy.
10. International Transfers
Personal Data is processed within the European Economic Area (EEA). Any transfer to a third country shall only occur with appropriate safeguards in place.
11. Governing Law
This DPA is governed by the laws of Ireland. Any disputes shall be resolved in the courts of Ireland.
To execute this DPA, contact support@rapidlaunch.ie.