Data Processing Agreement (DPA)

Last Updated: 25.02.2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service or other agreement ("Principal Agreement") between Naganeweastoffers ("Processor") and you, the user or client ("Controller"). This DPA reflects the parties’ agreement with regard to the processing of Personal Data.

Scope and Applicability: This DPA applies where and to the extent Naganeweastoffers processes Personal Data on behalf of the Controller in the course of providing the Services as described in the Principal Agreement, particularly where such processing is subject to Data Protection Laws (e.g., GDPR, CCPA).

Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Data Protection Laws" means all applicable laws relating to data protection and privacy including, where applicable, EU Data Protection Law (e.g., GDPR).
  • "Processing" means any operation or set of operations which is performed on Personal Data.
  • "Controller", "Processor", "Data Subject", "Personal Data Breach" shall have the meanings given to them in the applicable Data Protection Laws.

Processing of Personal Data

Roles of the Parties: The parties acknowledge that for the purposes of Data Protection Laws, the Controller is the controller and Naganeweastoffers is the processor of the Personal Data.

Controller’s Instructions: Naganeweastoffers shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Naganeweastoffers is subject. The Principal Agreement and this DPA constitute the Controller's initial instructions.

Details of Processing:

  • Subject Matter: The subject matter of the processing is the provision of investment education and consulting services as outlined in the Principal Agreement.
  • Duration: The duration of the processing is the term of the Principal Agreement, unless otherwise agreed upon.
  • Nature and Purpose: The nature and purpose of the processing are to enable Naganeweastoffers to provide the Services, including user authentication, communication, service delivery, analytics, and compliance.
  • Types of Personal Data: Name, email address, contact details, payment information (processed via secure third-party processors), communications content, usage data, IP address, cookie data.
  • Categories of Data Subjects: Users of the website, clients purchasing courses or consulting services.

Security Measures

Naganeweastoffers shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to ensure the confidentiality, integrity, availability, and resilience of processing systems and services.

Sub-processors

The Controller agrees that Naganeweastoffers may engage third-party sub-processors (e.g., cloud hosting providers, payment processors, email service providers) to process Personal Data. Naganeweastoffers shall maintain a list of sub-processors and shall inform the Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Controller the opportunity to object to such changes. Naganeweastoffers shall ensure that any sub-processor is subject to data protection obligations compatible with those in this DPA.

Data Subject Rights

Naganeweastoffers shall, to the extent legally permitted, promptly notify the Controller if it receives a request from a Data Subject to exercise the Data Subject's right of access, rectification, erasure, restriction of processing, data portability, or objection. Taking into account the nature of the processing, Naganeweastoffers shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising Data Subject rights.

Personal Data Breach

Naganeweastoffers shall notify the Controller without undue delay after becoming aware of a Personal Data Breach. Naganeweastoffers shall provide the Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

Data Transfers

Naganeweastoffers shall not transfer Personal Data to countries outside the European Economic Area (EEA), UK, or Switzerland without adequate protection, unless authorized by the Controller or as necessary to provide the Services, ensuring appropriate safeguards are in place (e.g., Standard Contractual Clauses).

Audits and Compliance

Upon reasonable request, Naganeweastoffers shall make available to the Controller information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller (subject to confidentiality obligations).

Deletion or Return of Personal Data

Upon termination of the Principal Agreement, Naganeweastoffers shall, at the choice of the Controller, delete or return all Personal Data to the Controller, and delete existing copies unless Union or Member State law requires storage of the Personal Data.

Contact Information

For any questions related to this DPA or data processing practices, please contact: [email protected]