Data Processing Agreement

Last updated: January 2, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between DocCentral and the Customer, and sets out the terms that apply when Personal Data is processed by DocCentral on behalf of the Customer.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on Personal Data
  • Data Controller: The Customer who determines the purposes and means of processing
  • Data Processor: DocCentral, which processes Personal Data on behalf of the Customer

3. Scope of Processing

DocCentral will process Personal Data only:

  • As necessary to provide the services
  • In accordance with documented instructions from the Customer
  • In compliance with applicable data protection laws

4. Security Measures

DocCentral implements appropriate technical and organizational measures including:

  • Encryption of Personal Data at rest and in transit
  • Access controls and authentication
  • Regular security testing and audits
  • Employee training on data protection
  • Incident response procedures

5. Sub-processors

DocCentral may engage sub-processors to assist in providing the services. A list of current sub-processors is available upon request. We will notify customers of any changes to sub-processors.

6. Data Subject Rights

DocCentral will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, and portability.

7. Data Breach Notification

DocCentral will notify the Customer without undue delay upon becoming aware of a Personal Data breach and will provide information necessary for the Customer to meet its obligations under applicable law.

8. Data Deletion

Upon termination of services or upon request, DocCentral will delete or return all Personal Data to the Customer, unless retention is required by applicable law.

9. International Transfers

If Personal Data is transferred outside the EEA, DocCentral will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Contact

For questions about this DPA or to request a signed copy, contact us at dpa@doccentral.io

See also: Privacy Policy | Terms of Service