Data Processing Agreement (DPA)
Last Updated: April 9, 2026
1. Scope
This Data Processing Agreement forms part of the Terms and Conditions between GOITSOKAY Corporation (“Processor”) and the Client (“Controller”).
2. Roles
The Client acts as the Data Controller, and GOITSOKAY acts as the Data Processor.
3. Processing Activities
We process personal data only to deliver contracted services, maintain systems, and provide support.
4. Types of Data
Data may include names, email addresses, business information, and user-generated content.
5. Processor Obligations
- Process data only per client instructions
- Maintain confidentiality
- Implement appropriate security measures
- Assist with legal compliance
6. Subprocessors
We may use third-party subprocessors such as cloud hosting providers, CRM systems, and payment processors.
7. Data Transfers
Data may be transferred internationally with appropriate safeguards in place.
8. Security Measures
We implement encryption, access controls, and monitoring systems to protect data.
9. Data Breach
In the event of a data breach, we will notify the client promptly and provide mitigation steps.
10. Data Subject Rights
We assist clients in responding to data access, deletion, and portability requests.
11. Data Retention & Deletion
Upon termination, data will be deleted or returned upon request.
12. Audit Rights
Clients may request reasonable audits of data processing practices.
13. Governing Law
This agreement follows the governing law stated in the Terms and Conditions.