Data Processing Agreement

Our SCC: https://roastersmap.com/eea-standard-contractual-clauses

Last updated on: February 05, 2025

1. INTRODUCTION

This Data Processing Agreement (“Agreement”) forms a legally binding contract between you and Roasters Map, USA (“Roasters Map,” “we,” “our,” or “us”) and applies to the processing of Customer Personal Data on your behalf when you act as the Data Controller. This Agreement applies where Roasters Map processes personal data in connection with the coffee roasters listing and marketplace (the “Services”).

WHEREAS:

• (A) The Company acts as a Data Controller.

• (B) The Company engages Roasters Map as a Data Processor to perform certain Services that involve the processing of personal data.

• (C) The Parties seek to implement a data processing agreement that complies with the current legal framework, including Regulation (EU) 2016/679 (the “GDPR”), as well as other applicable Data Protection Laws.

• (D) The Parties wish to set forth their respective rights and obligations regarding such data processing.

2. DEFINITIONS AND INTERPRETATION

2.1 Definitions:

Unless otherwise defined herein, the following terms have the following meanings:

“Agreement” means this Data Processing Agreement and all its Schedules.

“Company Personal Data” means any Personal Data processed by Roasters Map on behalf of the Company pursuant to this Agreement.

“Contracted Processor” means any Subprocessor appointed by Roasters Map.

“Data Protection Laws” means all applicable data protection or privacy laws, including the GDPR and other similar laws.

“EEA” means the European Economic Area.

“EU Data Protection Laws” means EU Directive 95/46/EC as transposed into national law and the GDPR, including any amendments.

“GDPR” means the EU General Data Protection Regulation 2016/679.

“Data Transfer” means any transfer of Company Personal Data between the Company, Roasters Map, or any Subprocessor that would otherwise be restricted under Data Protection Laws.

“Services” means the coffee roasters listing and marketplace services provided by Roasters Map.

“Subprocessor” means any person or entity appointed by Roasters Map to process Company Personal Data in connection with the Services.

2.2 Terms such as “Commission,” “Controller,” “Data Subject,” “Member State,” “Personal Data,” “Personal Data Breach,” “Processing,” and “Supervisory Authority” shall have the meanings ascribed to them in the GDPR.

3. PROCESSING OF COMPANY PERSONAL DATA

3.1 Roasters Map, as the Processor, shall:

• Comply with all applicable Data Protection Laws in processing Company Personal Data.

• Process Company Personal Data solely on the documented instructions provided by the Company.

3.2 The Company instructs Roasters Map to process Company Personal Data in accordance with this Agreement.

4. PROCESSOR PERSONNEL

Roasters Map shall ensure that any employee, agent, or contractor (including any Subprocessor) with access to Company Personal Data:

• Has a legitimate need to access such data only for fulfilling the Services.

• Is subject to confidentiality obligations or statutory duties of confidentiality.

5. SECURITY

5.1 Roasters Map shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the Processing, in accordance with Article 32(1) of the GDPR.

5.2 In assessing security measures, Roasters Map shall consider risks associated with Processing, including the risk of a Personal Data Breach.

6. SUBPROCESSING

6.1 Roasters Map shall not engage any Subprocessor or disclose Company Personal Data to any Subprocessor without the prior written consent of the Company, except where required or authorized under this Agreement.

7. DATA SUBJECT RIGHTS

7.1 Roasters Map shall assist the Company in fulfilling its obligations to respond to Data Subject requests under applicable Data Protection Laws.

7.2 Roasters Map shall:

• Promptly notify the Company of any Data Subject request received.

• Not respond to such requests except on the Company’s documented instructions, unless required by law, in which case Roasters Map shall inform the Company of the legal requirement before proceeding.

8. PERSONAL DATA BREACH

8.1 Roasters Map shall notify the Company without undue delay upon becoming aware of any Personal Data Breach affecting Company Personal Data, providing sufficient details to enable the Company to meet its legal obligations regarding breach notification.

8.2 Roasters Map shall cooperate with the Company and take reasonable steps as directed to assist in the investigation, mitigation, and remediation of the breach.

9. DATA PROTECTION IMPACT ASSESSMENTS & PRIOR CONSULTATION

Roasters Map shall provide reasonable assistance to the Company with any Data Protection Impact Assessments or consultations with Supervisory Authorities, as required under Articles 35 and 36 of the GDPR or equivalent provisions of other Data Protection Laws.

10. DELETION OR RETURN OF COMPANY PERSONAL DATA

10.1 Upon cessation of Services involving Company Personal Data, Roasters Map shall, within 10 business days from the Cessation Date, delete or return all Company Personal Data, except where retention is required by applicable law.

11. AUDIT RIGHTS

11.1 Roasters Map shall provide the Company with all information necessary to demonstrate compliance with this Agreement and shall permit audits (including inspections) by the Company or an auditor mandated by the Company, subject to Data Protection Law requirements.

11.2 The Company’s audit rights are subject to any limitations under this Agreement and applicable law.

12. DATA TRANSFER

12.1 Roasters Map shall not transfer Company Personal Data to countries outside the EU/EEA without the prior written consent of the Company.

12.2 If a transfer from the EU/EEA to a third country occurs, the Parties shall ensure that the data is adequately protected by relying on EU-approved standard contractual clauses or other appropriate safeguards.

13. GENERAL TERMS

13.1 Confidentiality:

Each Party shall keep confidential all information received in connection with this Agreement (“Confidential Information”) and shall not disclose it without the prior written consent of the other Party, except as required by law or if the information is already public.

13.2 Notices:

All notices under this Agreement must be in writing and sent to the addresses specified in this Agreement or as later notified by the Parties.

14. GOVERNING LAW AND JURISDICTION

14.1 This Agreement shall be governed by the laws of the United States.

14.2 Any dispute arising in connection with this Agreement shall be submitted to the exclusive jurisdiction of the courts in the State of Georgia.