Data Processing Agreement

Last updated: May 28, 2026

Definitions

For the purposes of this DPA: 'Controller' means the client who determines the purposes and means of processing personal data. 'Processor' means ModSuite, which processes personal data on behalf of the Controller. 'Personal Data' means any information relating to an identified or identifiable natural person as defined under the GDPR.

Roles & Responsibilities

ModSuite acts as a Data Processor for the personal data provided or made available by the Controller in connection with the services. The Controller retains full responsibility for determining the purposes and means of processing and for ensuring that a lawful basis for processing exists. ModSuite will process personal data only on documented instructions from the Controller, unless required to do otherwise by applicable law.

GDPR Compliance

ModSuite complies with the General Data Protection Regulation (GDPR) (EU) 2016/679. We maintain appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption, access controls, regular security audits, and staff training on data protection.

Data Processing Details

The subject matter of the processing is the provision of digital services including web development, hosting, design, marketing, and related support. The processing duration is the term of the agreement plus any applicable retention periods. The categories of data subjects include the Controller's customers, users, employees, and other individuals whose data is provided to ModSuite.

Cross-Border Data Transfers

Personal data may be processed in countries where ModSuite or its sub-processors operate. We ensure that any cross-border transfer of personal data is governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, or another lawful transfer mechanism recognized under GDPR. The Controller consents to such transfers under this DPA.

Sub-Processors

The Controller authorizes ModSuite to engage sub-processors necessary for service delivery, including cloud hosting providers, email delivery services, and analytics platforms. ModSuite will notify the Controller of any intended changes concerning the addition or replacement of sub-processors and provide an opportunity to object.

Data Subject Rights

ModSuite will assist the Controller in responding to data subject requests to exercise their rights under GDPR (access, rectification, erasure, restriction, portability, objection). If a data subject contacts ModSuite directly with a request, we will promptly forward it to the Controller.

Security Measures

ModSuite maintains the following security measures: SSL/TLS encryption for data in transit, encrypted storage for data at rest, role-based access controls, regular security patches and updates, intrusion detection and monitoring, and incident response procedures.

Breach Notification

ModSuite will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data. We will provide timely information about the nature of the breach, categories of data affected, and steps taken to address it.

Data Deletion & Return

Upon termination of the agreement, ModSuite will, at the Controller's choice, delete or return all personal data processed on behalf of the Controller, unless retention is required by applicable law.

Contact

For DPA-related inquiries, contact our Data Protection team at dpo@modernlisim.com.