GDPR DATA PROTECTION AGREEMENT
This Agreement ("Agreement") is effective upon the user’s acceptance by checking the agreement checkbox on the Catholic Circles website and is between:
1. Data Controller:
Catholic Circles
Contact Email:
Website: www.catholiccircles.org
Physical Address: N/A
Phone Number: N/A
2. Data Processor:
Online Hosting Provider and Associated Service Providers
Address: Online-based services provided via various cloud infrastructure platforms and third-party service providers (e.g., hosting, email services, analytics platforms).
Contact Information: Support available through relevant service provider platforms.
Background
A. Catholic Circles operates as the Data Controller, determining the purposes and means of processing personal data of its users, as per the General Data Protection Regulation (EU 2016/679) ("GDPR").
B. The Data Processor, including third-party service providers, processes personal data on behalf of Catholic Circles in connection with the services provided through its online platform.
C. By checking the agreement checkbox on the Catholic Circles website, the user agrees to the terms of this Data Protection Agreement, outlining the roles and responsibilities of Catholic Circles as the Data Controller and the Data Processor's obligations regarding the handling of personal data.
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable individual (Data Subject), such as names, email addresses, or other data submitted through the Catholic Circles website.
- "Processing" means any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, or deletion.
- "Data Subject" means an individual whose personal data is processed (e.g., Catholic Circles users).
- "Supervisory Authority" refers to the authority responsible for overseeing GDPR compliance.
2. Scope of Processing
2.1 Catholic Circles, as the Data Controller, directs the processing of personal data by the Data Processor, including online service providers, in accordance with this Agreement.
2.2 Processing Details:
- Subject Matter: Personal data submitted by users of the Catholic Circles website.
- Duration: For the duration of the user’s engagement with Catholic Circles, or until data is no longer required for its original purpose.
- Nature and Purpose of Processing: User data is processed to provide services, communicate with users, and improve website functionality.
- Type of Personal Data: Name, email address, and any other user-provided information.
- Categories of Data Subjects: Users of the Catholic Circles website and services.
3. Obligations of the Data Processor
The Data Processor, including relevant online service providers, agrees to:
- Process Personal Data strictly according to Catholic Circles' documented instructions.
- Ensure that all individuals who process Personal Data are committed to confidentiality.
- Implement appropriate technical and organizational security measures as required under GDPR Article 32 to protect personal data.
- Assist Catholic Circles in responding to requests from Data Subjects related to their rights (e.g., data access, erasure, rectification).
- Return or delete Personal Data upon termination of the processing activities, unless otherwise required by law.
- Make available to Catholic Circles all necessary information to demonstrate compliance and facilitate audits upon request.
4. Obligations of Catholic Circles (Data Controller)
- Provide clear processing instructions to the Data Processor, ensuring that processing activities are lawful and GDPR-compliant.
- Maintain a record of processing activities in accordance with GDPR, including data processed on behalf of Catholic Circles.
5. Data Transfers
- The Data Processor shall not transfer Personal Data outside the European Economic Area (EEA) without Catholic Circles’ prior written approval, unless required by law.
- If a data transfer occurs, the Data Processor must ensure that appropriate safeguards are in place, as required by GDPR.
6. Use of Sub-processors
- The Data Processor, including any third-party service providers, may not engage any sub-processor without Catholic Circles’ prior written consent.
- Any sub-processors engaged by the Data Processor will be subject to the same obligations set out in this Agreement.
7. Security of Processing
- The Data Processor shall implement appropriate security measures to ensure the confidentiality, integrity, and availability of Personal Data, including:
- Data encryption and pseudonymization.
- Measures to protect data against unauthorized access, loss, or damage.
- These security measures shall be regularly tested and assessed to ensure their effectiveness.
8. Data Breach Notification
- The Data Processor shall notify Catholic Circles without undue delay upon becoming aware of any personal data breach.
- The Data Processor shall assist Catholic Circles in meeting any obligations to notify data protection authorities and affected individuals.
9. Confidentiality
The Data Processor and any personnel authorized to process personal data are bound by confidentiality obligations and must protect the confidentiality of Personal Data.
10. Term and Termination
- This Agreement remains effective for as long as the Data Processor processes Personal Data on behalf of Catholic Circles.
- Upon termination, the Data Processor shall return or delete all Personal Data, unless otherwise required by law.
11. Liability
Each party shall be liable for any breach of this Agreement or GDPR in accordance with applicable laws.
12. Governing Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of the state of Michigan, USA. Any disputes arising out of this Agreement will be subject to the exclusive jurisdiction of the courts of Michigan.
By checking the checkbox on the Catholic Circles website, the user agrees to the terms and conditions outlined in this Data Protection Agreement.
