Bespire Data Processing Agreement (DPA)
Effective Date: [Insert Date]
This Data Processing Agreement (DPA) is entered into by and between Bespire ("Company," "we," "our," or "us") and the client or user ("Client," "you," or "your") who engages with our services. This agreement governs the processing of personal data in connection with our services and is designed to ensure compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations. This DPA supplements our Privacy Policy and outlines our obligations, responsibilities, and security measures in handling personal data entrusted to us. By using our services, you acknowledge and agree to the terms of this agreement.
1. Scope and Purpose of Data Processing
Bespire processes personal data solely for the purpose of delivering our services as agreed with the Client. This includes activities such as project management, communication, invoicing, marketing, analytics, and service improvements. We act as a data processor, meaning that we handle personal data on behalf of the Client, who is the data controller and determines the purpose and means of data processing.
Bespire does not sell, rent, or use personal data for any purposes beyond the agreed-upon scope. All personal data processed is limited to what is strictly necessary to provide our services effectively. Personal data may include names, email addresses, company details, transaction records, and any other relevant information required for project execution. Bespire ensures that all data processing activities adhere to the principles of lawfulness, fairness, transparency, purpose limitation, and data minimization, as required by applicable regulations.
Bespire does not sell, rent, or use personal data for any purposes beyond the agreed-upon scope. All personal data processed is limited to what is strictly necessary to provide our services effectively. Personal data may include names, email addresses, company details, transaction records, and any other relevant information required for project execution. Bespire ensures that all data processing activities adhere to the principles of lawfulness, fairness, transparency, purpose limitation, and data minimization, as required by applicable regulations.
2. Data Security and Confidentiality
To safeguard personal data, Bespire implements industry-standard security measures, including encryption, access controls, secure data storage, and regular security audits. Our security policies are designed to protect personal data from unauthorized access, alteration, disclosure, or destruction. We restrict access to personal data only to authorized personnel who require it for service delivery. All employees and contractors are bound by strict confidentiality agreements, ensuring that they handle personal data responsibly and in compliance with this DPA. If there is any suspected or actual data breach, Bespire will take immediate action to mitigate risks and notify affected parties without undue delay as required by law. While we take all necessary precautions to protect personal data, Clients are responsible for ensuring that any shared information complies with applicable laws and is securely transmitted.
3. Data Retention and Deletion
Bespire retains personal data only for as long as necessary to fulfill the agreed-upon services, comply with legal obligations, or resolve disputes. Data retention periods may vary depending on the nature of the data and contractual requirements. Once personal data is no longer required, we ensure secure deletion, anonymization, or destruction of such data. Clients may request data deletion at any time, provided that doing so does not conflict with legal, regulatory, or contractual obligations. Upon termination of services, Bespire will either delete or return all personal data to the Client unless retention is required by law. In cases where data is anonymized, it will no longer be considered personal data and may be used for analytical purposes to improve our services. Clients should review their own data retention policies to ensure alignment with their internal compliance requirements.
4. Subprocessors and International Data Transfers
To deliver our services efficiently, Bespire may engage third-party subprocessors, such as cloud hosting providers, analytics platforms, and payment processors, to support various aspects of our business operations. All subprocessors are carefully vetted to ensure they meet strict security and compliance standards. We maintain data processing agreements (DPAs) with all subprocessors, ensuring that they provide adequate protection for personal data in accordance with applicable regulations. Some subprocessors may be located in jurisdictions outside of the Client's country, including regions that do not have the same level of data protection laws. In such cases, Bespire ensures that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other legally recognized mechanisms to ensure lawful data transfers. Clients may request a list of our subprocessors at any time for full transparency.
5. Client Rights and Responsibilities
As the data controller, the Client has full ownership and responsibility over the personal data shared with Bespire. Clients must ensure that any personal data provided is lawfully collected, accurate, and necessary for the agreed-upon services. Bespire processes data only as instructed by the Client, and any additional requests must be formally communicated and agreed upon. Clients also have the right to request access, correction, deletion, restriction, or portability of their personal data in accordance with applicable laws. If a Client receives a data subject request related to personal data processed by Bespire, they must promptly inform us so that we can assist in fulfilling the request as required by law. In case of disputes regarding data processing, both parties agree to resolve concerns amicably before pursuing legal action.
By continuing to engage with Bespire’s services, you acknowledge and agree to the terms outlined in this Data Processing Agreement. If you have any questions or require further clarification, please contact our Data Protection Officer (DPO) at [Insert Contact Email].
By continuing to engage with Bespire’s services, you acknowledge and agree to the terms outlined in this Data Processing Agreement. If you have any questions or require further clarification, please contact our Data Protection Officer (DPO) at [Insert Contact Email].