This DPA applies when https://pinkpanthers.agency processes personal data on behalf of a client in the course of providing services ("Services"). In this DPA, the client is the "Controller" and we are the "Processor" (or equivalent terms under applicable law).

1. Scope and instructions

We will process personal data only:

• To provide the Services as instructed by the Controller

• As documented in the applicable statement of work or written instructions

• As required by law (in which case we will inform the Controller where permitted)

2. Type of data and categories of data subjects

Depending on the Services, processed data may include:

• Customer/contact identifiers (name, email, phone, address)

• Order and transaction data

• Support communications and operational logs

• Account and performance analytics data
  Data subjects may include the Controller’s customers, prospects, employees, contractors, or other authorized users.

3. Confidentiality

We ensure that persons authorized to process personal data are bound by confidentiality obligations.

4. Security measures

We implement reasonable technical and organizational measures designed to protect personal data, such as:

• Access controls and least-privilege permissions

• Secure credential handling practices (permission-based access where possible)

• Encryption in transit where supported by systems used

• Security monitoring and incident response practices
  Specific controls may vary based on the scope of Services and tools chosen by the Controller.

5. Sub-processors

We may engage sub-processors to support service delivery (hosting, analytics, communications, security). We will require sub-processors to protect personal data and process it only for the agreed purposes. Where required by law, we will provide a means to receive notice of material sub-processor changes.

6. Data subject requests

Taking into account the nature of processing, we will reasonably assist the Controller in responding to data subject requests (access, deletion, correction, etc.) to the extent applicable.

7. Personal data breaches

If we become aware of a personal data breach affecting personal data processed under this DPA, we will notify the Controller without undue delay and provide reasonably available information to support the Controller’s obligations.

8. Data return and deletion

Upon termination of Services, we will, at the Controller’s choice where feasible:

• Return personal data, or

• Delete personal data
  unless retention is required by law or necessary for legitimate recordkeeping (for example, accounting, disputes). Any retained data will remain protected.

9. Audits

Where required by law, the Controller may request reasonable information to confirm compliance with this DPA. Any audit requests must be reasonable in scope, frequency, and confidentiality.

10. International transfers

If international transfer safeguards are required, the parties will implement appropriate mechanisms (such as standard contractual clauses) to the extent applicable.

11. Order of precedence

If there is a conflict between this DPA and other agreements for Services, this DPA governs only with respect to data protection obligations.

12. Contact

https://pinkpanthers.agency