Data Processing Agreement

  • Home
  • Data Processing Agreement

Data Processing Agreement (DPA) 

Effective Date: 21 May 2025 

 

This Data Processing Agreement (“Agreement”) is entered into by and between: 

LeSoft Technologies Ltd (“Data Processor”, “we”, “us”, “our”), and 

[Client’s Name] (“Data Controller”, “you”, “your”). 

This Agreement governs the terms under which LeSoft will process personal data on behalf of the Data Controller. The processing of personal data will be done in compliance with the applicable data protection laws, including the General Data Protection Regulation (GDPR) (EU) 2016/679. 

 

1. Definitions

For the purposes of this Agreement: 

  • Personal Data: Any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR. 
  • Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, and destruction, as defined in Article 4(2) of the GDPR. 
  • Data Subject: An individual whose personal data is being processed. 
  • Sub-processor: A third party engaged by LeSoft to process personal data on behalf of the Data Controller. 

 

2. Purpose of Data Processing

LeSoft agrees to process personal data only for the purposes specified in this Agreement, which are to deliver and support the services as described in the contract or agreement between LeSoft and the Data Controller. 

 

3. Duration of Processing

The processing of personal data will continue for the duration of the contract or until such time as the Data Controller requests the cessation of processing. 

 

4. Nature of Processing

LeSoft will process the personal data in accordance with the Data Controller’s instructions, which shall include processing for the following activities: 

  • Provision and support of services, 
  • Technical and customer support, 
  • Data analysis and reporting, 
  • Compliance with applicable legal and regulatory obligations. 

 

5. Categories of Personal Data

The personal data being processed by LeSoft may include, but is not limited to: 

  • Employee Data (e.g., names, email addresses, job titles, employee identification numbers), 
  • Customer Data (e.g., names, addresses, contact details), 
  • Billing and Payment Data (e.g., credit card numbers, billing addresses), 
  • Technical Data (e.g., IP addresses, device information). 

 

6. Data Controller Responsibilities

As the Data Controller, you are responsible for: 

  • Ensuring that the personal data you provide to LeSoft is collected and processed in accordance with applicable data protection laws, 
  • Informing data subjects of the processing and obtaining consent where required, 
  • Ensuring that the personal data is accurate and up to date, 
  • Complying with the rights of data subjects, including their rights to access, rectify, delete, or restrict the processing of their personal data. 

 

7. LeSoft’s Responsibilities as Data Processor

LeSoft, as the Data Processor, agrees to: 

  • Process personal data only in accordance with the Data Controller’s written instructions, 
  • Implement appropriate technical and organizational measures to ensure the security of personal data, 
  • Ensure that any personnel involved in the processing of personal data are subject to confidentiality obligations, 
  • Not disclose personal data to third parties except where required by law or with prior written consent from the Data Controller, 
  • Assist the Data Controller in responding to data subject rights requests (e.g., access, rectification, erasure), 
  • Notify the Data Controller promptly in the event of a data breach. 

 

8. Use of Sub-processors

LeSoft may engage sub-processors to assist in providing the services. Any sub-processors LeSoft engages will be bound by the same data protection obligations as set out in this Agreement. A list of sub-processors will be provided to the Data Controller upon request. 

 

9. Data Security Measures

LeSoft will implement appropriate technical and organizational measures to protect the personal data against unauthorized or unlawful processing, and against accidental loss, destruction, or damage. These measures will be reviewed and updated as necessary. 

 

10. Data Subject Rights

LeSoft will assist the Data Controller in fulfilling its obligations to respond to data subject rights requests, including requests for access, rectification, erasure, restriction, and data portability. 

 

11. Data Breach Notification

In the event of a personal data breach, LeSoft will notify the Data Controller without undue delay and will cooperate with the Data Controller in investigating and mitigating the effects of the breach. 

 

12. Termination and Data Deletion

Upon termination of this Agreement or the underlying contract, LeSoft will, at the Data Controller’s request, return or delete all personal data processed on behalf of the Data Controller, unless required to retain the data by law. 

 

13. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the United Kingdom. 

 

14. Acknowledgment

By executing this Agreement, both parties acknowledge and agree to the terms outlined herein. 

 

LeSoft Technologies Ltd
Signature: ______________________
Name: _________________________
Title: _________________________
Date: _________________________ 

[Client’s Name]
Signature: ______________________
Name: _________________________
Title: _________________________
Date: _________________________ 

 

x