Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Processor and the organization subscribing to CBAMOS ("Controller", "Customer"). This DPA governs the processing of personal data by the Processor on behalf of the Controller in connection with the CBAMOS platform.

2. Scope and Purpose

Processing covers personal data necessary to provide the Platform services: service delivery, user management, emissions and compliance data processing, support, and security. Categories of data subjects include customer employees and contractors, business contacts, verification personnel, and third-party data providers.

3. Processor Obligations

The Processor shall:

• Process personal data only on documented instructions from the Controller
• Ensure confidentiality and limit access to authorized personnel
• Implement appropriate technical and organizational security measures (encryption, access control, monitoring, audits)
• Maintain a list of approved sub-processors and notify the Controller of changes
• Assist the Controller in fulfilling data subject rights (access, rectification, erasure, restriction, portability, objection)
• Notify the Controller without undue delay (within 24 hours) in case of a personal data breach

4. Data Subject Rights

The Processor shall assist the Controller in responding to access, rectification, erasure, restriction, portability, and objection requests. Assistance includes providing necessary information and taking reasonable steps to support the Controller's response to supervisory authorities.

5. Contact

For questions about this DPA or data processing, contact:

Email: [email protected]
Data Protection Officer: [email protected]