Who is the controller and who is the processor?

The controller determines the purpose and means of processing. The processor processes data on the controller's behalf. E.g. your e-shop is the controller, Mailchimp is the processor.

Can I use the supplier's DPA instead of my own?

Yes, many suppliers (Google, Microsoft, Stripe) have standardised DPAs. Check that it meets your requirements and those of Slovak law.

What are sub-processors and why do they matter?

Sub-processors are other companies the processor engages in data processing. The processor must ensure sub-processors also comply with GDPR.

Employment contracts

DPA — Data Processing Agreement

A DPA is a mandatory agreement under Article 28 GDPR whenever a controller transfers personal data to a processor (e.g. cloud services, marketing tool, accounting software). It defines the purpose, scope, duration of processing, security measures and data subject rights.

These templates are for illustrative purposes only. They are not legal advice — consult a lawyer before signing.

Download free PDF Sign online

DPAGDPRosobné údajespracovateľ

Contract preview

zipzipdocEmployment contracts