Data Processing Agreement (DPA)

Last updated: [Date]

This Data Processing Agreement ("DPA") forms part of the Terms of Service ("Principal Agreement") between:

NewDarkNaga ("Data Processor"), located at 4650 Roger Street, Comox, British Columbia V9N 5N1, Canada.

and

You, the User ("Data Controller") engaging with our services via newdarknaga.com.

This DPA reflects the parties’ agreement with regard to the processing of Personal Data in accordance with the requirements of Data Protection Laws.

1. Definitions

• "Data Protection Laws" means all applicable worldwide legislation relating to data protection and privacy, including without limitation GDPR (General Data Protection Regulation (EU) 2016/679) and any applicable national implementing laws, regulations and secondary legislation in Canada relating to the processing of Personal Data and the privacy of electronic communications, as amended, replaced or updated from time to time.
• "Personal Data" means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Other terms like "Data Controller", "Data Processor", "Data Subject", "Supervisory Authority" shall have the meanings ascribed to them in the GDPR.

2. Processing of Personal Data

• Roles of the Parties: The parties acknowledge and agree that for the purposes of the Data Protection Laws, the User/Client is the Data Controller and NewDarkNaga is the Data Processor.
• Data Controller’s Instructions: The Data Processor shall collect and process Personal Data only on documented instructions from the Data Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the Processor is subject. The Principal Agreement and this DPA constitute the Data Controller's complete instructions to the Data Processor regarding the processing of Personal Data.
• Details of Data Processing:
  • Subject matter: The subject matter of the processing is the performance of the services pursuant to the Principal Agreement.
  • Duration: The duration of the processing is the term of the Principal Agreement and until all Personal Data is deleted or returned in accordance with the Data Controller's instructions or the terms of this DPA.
  • Nature and Purpose: The nature and purpose of the processing is to provide the investment training and consultation services, manage user accounts, provide customer support, communicate with users, and improve the services.
  • Types of Personal Data: Name, email address, phone number, address, service interests, communication records, payment information (if applicable, though likely processed by a third-party payment gateway), usage data, cookies data.
  • Categories of Data Subjects: Users of the Service (website visitors, registered users, clients).

3. Data Processor Obligations

• Confidentiality: Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
• Security: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
• Sub-processors: The Data Processor shall not engage another processor (Sub-processor) without prior specific or general written authorization of the Data Controller. In the case of general written authorization, the Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Data Controller the opportunity to object to such changes. Where the Data Processor engages a Sub-processor, it shall do so only by way of a written contract which imposes on the Sub-processor the same data protection obligations as set out in this DPA.
• Data Subject Rights: Taking into account the nature of the processing, assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller's obligation to respond to requests for exercising the Data Subject's rights laid down in Chapter III of the GDPR.
• Assistance to Data Controller: Assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (Security of processing, Data breach notification, Data protection impact assessment, Prior consultation), taking into account the nature of processing and the information available to the Data Processor.
• Deletion or Return of Data: At the choice of the Data Controller, delete or return all the Personal Data to the Data Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data.
• Audits and Inspections: Make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.

4. Data Controller Obligations

• Ensure that it has all necessary rights and consents in place to allow the Data Processor to process the Personal Data in accordance with this DPA and the Principal Agreement.
• Provide lawful and documented instructions to the Data Processor.
• Be responsible for responding to Data Subject requests concerning their Personal Data.

5. Data Transfers

The Data Processor shall not transfer Personal Data processed under this DPA outside the European Economic Area (EEA) or Canada (which has an adequacy decision) without the prior written consent of the Data Controller and unless appropriate safeguards are in place (e.g., Standard Contractual Clauses). If Personal Data originates from outside these regions, appropriate transfer mechanisms according to the respective jurisdictions will be implemented.

6. General Terms

• This DPA shall remain in effect for as long as the Data Processor processes Personal Data on behalf of the Data Controller.
• This DPA shall be governed by the laws designated in the Principal Agreement.
• Any amendments to this DPA shall be in writing and signed by both parties.

Contact Us

If you have any questions about this Data Processing Agreement, please contact us:

By email: [email protected]

By visiting this page on our website: Contact Form

By phone number: +1 250-890-3876

By mail: 4650 Roger Street, Comox, British Columbia V9N 5N1, Canada