5,223 Reviews

24/7

Appointment
Footer Logo

Data Processing Agreement (DPA)

This Data Processing Agreement (Agreement) forms part of the Terms of Use between MySuperHub (Data Controller) and its users, including clients, independent contractors, and managers (Data Processor) who process personal data on behalf of MySuperHub.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable person.
  • Processing: Any operation performed on Personal Data, such as collection, storage, retrieval, or deletion.
  • Controller: Entity that determines the purpose of data processing (MySuperHub).
  • Processor: Entity that processes Personal Data on behalf of the Controller.
  • Sub-Processor: Any third party engaged by the Processor to assist in processing Personal Data.

2. Obligations of the Data Processor

  • Process Personal Data only on documented instructions from MySuperHub.
  • Ensure that authorized personnel are bound by confidentiality agreements.
  • Implement appropriate technical and organizational security measures to protect Personal Data from unauthorized access, loss, or destruction.
  • Maintain accurate records of processing activities and provide them upon request.
  • Assist MySuperHub in fulfilling data subject rights requests (access, rectification, deletion, portability, etc.).
  • Notify MySuperHub within 72 hours of any Personal Data breach and cooperate in the resolution of such incidents.
  • Return or securely delete all Personal Data at the end of the processing agreement, as instructed by MySuperHub.

3. Data Security

  • Encryption of Personal Data during storage and transmission.
  • Access controls to ensure only authorized personnel can access Personal Data.
  • Regular security assessments to detect vulnerabilities and mitigate risks.
  • Audit logging for tracking access and processing of Personal Data.
  • Incident response protocols to ensure timely action in case of data breaches.
  • Compliance with applicable data protection laws, including GDPR, CCPA, and any relevant national regulations.

4. Governing Law & Dispute Resolution

  • MySuperHub may mediate but does not guarantee resolution of data-related disputes.
  • Unresolved disputes are subject to binding arbitration in Delaware, in accordance with the rules of the American Arbitration Association (AAA).
  • MySuperHub shall not be liable for any indirect, incidental, or consequential damages arising from data processing disputes.
  • If arbitration fails to resolve the dispute, the matter shall be submitted to the state or federal courts of Delaware.
  • The Data Processor waives the right to participate in any class-action lawsuit or collective arbitration against MySuperHub.

5. Liability & Indemnification

  • The Processor shall be fully responsible for compliance with this Agreement and any applicable data protection laws.
  • The Processor agrees to indemnify and hold harmless MySuperHub from any claims, damages, or penalties arising from the Processor’s failure to comply with legal obligations.
  • MySuperHub is not liable for any loss or damages incurred due to actions or omissions of the Processor, including unauthorized disclosures or security breaches.

6. Sub-Processing & Third Parties

  • The Processor must not engage a Sub-Processor without prior written consent from MySuperHub.
  • If MySuperHub approves a Sub-Processor, the Processor remains fully responsible for ensuring compliance with this Agreement.
  • The Processor must ensure that Sub-Processors implement security measures equal to or greater than those outlined in this Agreement.

7. Termination & Data Handling

  • This Agreement remains in effect until terminated by either party with prior written notice.
  • Upon termination, the Processor must cease all processing activities and return or delete Personal Data as instructed by MySuperHub.
  • MySuperHub may conduct a final security audit to ensure compliance before finalizing the termination process.

8. Amendments

  • MySuperHub reserves the right to modify this Agreement at any time, with notice provided to the Processor.
  • Continued processing of Personal Data after modifications constitutes acceptance of the updated terms.

Contact Information

For any questions, please contact: