Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the agreement between the customer (“Controller”) and Distribution.studio Inc. (“Processor”). It applies to the processing of personal data carried out by the Processor on behalf of the Controller.

Terms such as “personal data”, “processing”, “data subject”, “controller”, and “processor” have the meanings given in applicable data protection laws, including the GDPR and UK GDPR.

• Subject matter: provision of the Distribution.studio platform.
• Duration: for the term of the underlying agreement.
• Nature and purpose: hosting, analysis, and delivery of audits and campaigns.
• Data subjects: the Controller's authorized users and contacts.
• Categories of data: account, usage, and content data submitted by the Controller.

The Processor will:

• Process personal data only on documented instructions from the Controller.
• Ensure persons authorized to process data are bound by confidentiality.
• Implement appropriate technical and organizational security measures.
• Assist the Controller in responding to data subject requests.
• Make available information necessary to demonstrate compliance.

The Controller authorizes the Processor to engage sub-processors to deliver the service. The Processor maintains a current list of sub-processors and will give notice of changes, allowing the Controller a reasonable opportunity to object.

Where personal data is transferred outside the EEA, UK, or Switzerland, the parties will rely on the Standard Contractual Clauses or another approved transfer mechanism, which are incorporated into this DPA by reference.

The Processor will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, and will provide information reasonably required to meet the Controller's notification obligations.

Upon termination of the service, the Processor will, at the Controller's choice, delete or return all personal data, unless retention is required by law.

The Processor will make available, upon reasonable request and subject to confidentiality, the information and assistance needed to demonstrate compliance with this DPA, including third-party audit reports where available.

To request a countersigned copy of this DPA for your organization, contact privacy@distribution.studio with your company details.