APTIA GROUP VENDOR DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) is made as of the date Supplier first Processes Customer Data on behalf of Customer pursuant to the Principal Agreement (“Effective Date”) between:
- Aptia Group and/or its relevant Affiliate ordering Services from the Supplier pursuant to the Principal Agreement (“Customer”); and
- The provider of the Services identified in the Principal Agreement (“Supplier”).
In consideration of the mutual obligations set out herein, the Supplier and Customer agree that this DPA and its terms and conditions are attached to and form part of the Aptia Group’s Standard Terms and Conditions as attached to the Purchase Order issued by Customer to Supplier, and any statement of work or other ordering document entered pursuant thereto (“Principal Agreement”). Capitalised terms used but not defined herein shall have the meaning set out in the Agreement. This DPA consists of (a) the main body of the DPA; (b) the Data Processing Details Addendum at Attachment 1; (c) the Security Terms at Attachment 2; and (d) the Standard Contractual Clauses at Attachment 3 (including Appendices 1 and 2).
1 Definitions
The following terms have the following meanings when used in this DPA:
Affiliate means, with respect to a party, an entity that (directly or indirectly) controls, is controlled by or is under common control with, such party, where control refers to the power to direct or cause the direction of the management and policies of another entity, whether through ownership of voting securities, by contract or otherwise.
Agreement means the Principal Agreement and this DPA.
Cardholder Data, a subset of Personal Data, means a credit or debit card account number that identifies the issuer and the particular cardholder account plus any of the following: cardholder name, expiration date and/or service code and sensitive authentication data including security-related information used to authenticate cardholders and/or authorize payment card transactions. The definition of Cardholder Data shall be consistent with the definition of Cardholder Data defined by the current Payment Card Industry Data Security Standards (PCI DSS).
Controller means the entity which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; applicable Data Privacy Laws may use different terms to refer to this entity, including “Business” or “Responsible Party”.
Customer has the meaning given it above.
Customer Data means any data, whether in physical or electronic form, including but not limited to documents, databases, records, Personal Data, NPI, intellectual property and confidential information (as defined elsewhere in the Agreement), created by or made available to Supplier in the course of providing Services to Customer and/or any of its Affiliates.
Data Exporter has the meaning given in clause 9.2(b).