MENU

Discover Nexgen

Data Processing Agreement

Effective Date: June 12, 2023

Responsibilities, Compliance, and Data Security Provisions

This Data Processing Agreement ("DPA") is made between the sole proprietor TASAN O.V., registered under the laws of Ukraine with EDRPOU 3326110142 ("Data Processor") and any individual or legal entity ("Data Controller") that defines the purposes and means of processing personal data. Both parties are collectively referred to as the "Parties."

References to "Nexgen," "we," "our," or "us" refer to TASAN O.V., EDRPOU 3326110142, as the service provider and owner of the website and domain www.nexgenbrand.com.

This DPA is a part of the Terms of Service of Nexgen and is governed by the provisions outlined therein.

This DPA sets forth the obligations of both the Data Controller and the Data Processor in relation to personal data processing, including the terms for storage, protection, access, and data usage.

Considering:

  • (A) The Data Processor, as a service provider, provides the Data Controller access to the virtual Nexgen platform under the Nexgen Terms of Service.
  • (B) In using the services of the Data Processor, the Data Controller will upload personal data into the Data Processor’s systems, for which the Data Controller is responsible as the Data Controller, and the Data Processor acts as a Data Processor.
  • (C) Applicable data protection laws include the General Data Protection Regulation ("GDPR") and the Ukrainian Law on Personal Data Protection.
  • (D) The Parties wish to enter into a DPA that complies with applicable data protection laws.
  • (E) The Parties desire to define their respective rights and obligations.

Agreement:

1. Unless otherwise defined in this DPA, terms in this DPA have the same meanings as in the Nexgen Terms of Service.

Definitions

  • "Agreement" refers to this DPA, including all schedules, if any.
  • "Controller Personal Data" means any personal data processed by the Data Processor on behalf of the Data Controller under this DPA and the Terms of Service.
  • "Processing" refers to any operation performed on personal data, including collection, recording, storage, use, transfer, deletion, or destruction.
  • "Sub-processor" refers to any third party appointed by the Data Processor to process Controller Personal Data on behalf of the Data Controller.
  • "Data Protection Laws" refers to the GDPR, Ukrainian Law on Personal Data Protection, and other applicable data protection regulations.
  • "EEA" refers to the European Economic Area.
  • "GDPR" refers to the General Data Protection Regulation (EU) 2016/679.

Data Processing by the Data Processor

2. The Data Processor agrees to:

  • Comply with all applicable Data Protection Laws when processing the Controller's Personal Data.
  • Process Controller Personal Data only based on documented instructions from the Data Controller.

Sub-processing

3. The Data Processor is authorized by the Data Controller to engage sub-processors. The Data Controller has the right to request a list of such sub-processors and object to specific sub-processors.

We engage the following sub-processors to assist in providing specific services:

  • Google Analytics: Used for website analytics to track user interaction and behavior.
  • Cookiebot: Employed for cookie compliance and management.
  • HubSpot: Facilitates customer communication, including forms and chat functionality.
  • Calendly: Allows users to schedule appointments and redirects them to Calendly for booking.

We ensure that these sub-processors operate under the same data protection obligations and standards outlined in our DPA.

Data Security

5. The Data Processor will implement appropriate technical and organizational measures to ensure the security of the Controller’s Personal Data, including those outlined in Article 32(1) of the GDPR.

Data Breach Notification

6. The Data Processor will notify the Data Controller of any data breaches within 24 hours of becoming aware of such a breach.

Audits

7. The Data Processor will make available to the Data Controller all information necessary to demonstrate compliance with the DPA and applicable Data Protection Laws. The Data Controller may also audit the Data Processor's activities related to data processing.

Data Return or Deletion

8. The Data Processor shall, upon the Data Controller’s written request, delete or return all personal data upon termination of the agreement.

Confidentiality

9. Both Parties agree to maintain the confidentiality of the DPA and any information obtained from the other party, except when required by law.

Termination

10. If the Data Processor fails to comply with the DPA or Data Protection Laws, the Data Controller may suspend the data processing or terminate the agreement.

Jurisdiction

11. This DPA is governed by Ukrainian law, and any disputes arising from it will be subject to the jurisdiction of Ukrainian courts.