Data Processing Agreement

This Data Processing Agreement (the "DPA") is incorporated into the agreement pursuant to which the Customer obtains the right to use the Services (the "Terms of Service") (collectively, the "Agreement").


  • “Data Protection Law” means any and all data protection laws and regulations that apply to the Processing of Personal Data by Form Approvals under the Agreement.
  • “Data Subject” means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Personal Data” means any data that: (a) is deemed “personal data” or “personal information” (or other analogous variations of such terms) under Data Protection Law; and (b) that Customer submits using the Services for Form Approvals to Process on Customer’s behalf.
  • “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
  • “Process” or “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Services” means any of the following services provided by Form Approvals pursuant to the Agreement: (a) Form Approvals-branded product offerings made available via the Internet, (b) consulting or training services provided by Form Approvals either remotely via the Internet or in person, and (c) any support services provided by Form Approvals, including access to Form Approvals’ help desk.

Processing of Company Personal Data

The Company instructs Processor to process Company Personal Data.
The Processor will comply with applicable laws and process data only for the purpose of providing the service, including troubleshooting, and diagnosing errors.

Data Processing and Protection

This DPA applies when Form Approvals processes Customer’s data for which Form Approvals will act as “processor” or “service provider” (or other analogous variations of such terms) under Data Protection Law.
Limitations on Use. Form Approvals will process Personal Data only: (a) in a manner consistent with documented instructions from Customer, including (i) to provide the Services, (ii) as permitted under the Agreement, and (iii) consistent with other reasonable instructions of Customer; and (b) with prior notice (unless notice is legally prohibited), as required by applicable law. Without limiting the foregoing, Form Approvals will not collect, retain, use, or disclose the Personal Data for any purpose other than as necessary for the specific purpose of performing the Services, including not collecting, retaining, using, or disclosing the Personal Data for a commercial purpose other than providing the Services.
Confidentiality. Form Approvals will ensure that persons authorized by Form Approvals to Process any Personal Data are subject to appropriate confidentiality obligations.
Security. Form Approvals will protect Personal Data in accordance with requirements under Data Protection Law, including by implementing appropriate technical and organizational measures designed to protect Personal Data against Personal Data Breach per Form Approvals’ Security Overview.
Return or Disposal. At the choice of Customer, delete or return (or will enable Customer to delete or retrieve) all Personal Data after the end of the provision of Services (unless applicable law requires Form Approvals to store any Personal Data). To request the return or disposal of your data refer to our Privacy Policy.
Customer Obligations. Customer will not instruct Form Approvals to perform any Processing of Personal Data that violates any Data Protection Law. Form Approvals may suspend Processing based upon any Customer instructions that Form Approvals reasonably suspects violate Data Protection Law. Subject to the cooperation of Form Approvals as specified in this DPA, Customer will be solely responsible for safeguarding the rights of Data Subjects. Customer will promptly notify Form Approvals about any faults or irregularities in the Processing by Form Approvals discovered by Customer.


Customer authorizes Form Approvals to use third-party subprocessors to Process Personal Data in connection with the provision of Services to Customer (“Subprocessor”). Customer may request a list of current Subprocessors at any time. If Customer objects to any Subprocessor, Form Approvals may terminate the Agreement immediately upon notice to Customer without liability.

Data transfers

Form Approvals processes data in the region selected by the user when they first use the Service but may store data in any region. Subprocessors may process and store data in any region.


If there is a conflict the Terms of Service will prevail over this DPA. Except for the matters covered by this DPA, all terms of the Terms of Service, remain in effect. Capitalized terms not defined in this DPA have the same meaning as in the Terms of Service. Except as otherwise stated in the Terms of Service, this DPA will automatically terminate upon the termination or expiration of the Terms of Service.

Types and categories of data

Other than in connection with configuration and subscription related data stored by the Service, Customer controls the types of Personal Data and categories of Data Subjects uploaded via the Services for Processing.