Template — not legal advice. This is a starting structure. Have your legal counsel review and complete it (and replace every [bracketed] placeholder) before publishing.

Data Processing Addendum

This page summarizes Infinite Corporation's data processing terms for customers. A signed DPA is available on request.

Roles

For customer personal data processed through our services, the customer is the controller and Infinite Corporation is the processor. [Confirm.]

Scope & details of processing

Subject matter, duration, nature and purpose of processing, types of personal data, and categories of data subjects are described in the DPA and the underlying agreement.

Sub-processors

We engage sub-processors under written contracts with equivalent obligations and maintain a current list, with notice of changes. [Link.]

Security measures

We implement appropriate technical and organizational measures as described on our Trust & Security page.

Data subject requests

We assist the customer in responding to data-subject requests, taking into account the nature of processing.

Personal data breach

We notify affected customers without undue delay after becoming aware of a personal data breach. [Confirm timeframe.]

International transfers

Where applicable, transfers rely on Standard Contractual Clauses or other lawful mechanisms.

Audits

We make available information necessary to demonstrate compliance and allow for audits as set out in the DPA.

Return & deletion

On termination, we return or delete personal data as instructed, subject to legal retention requirements.

Execute a DPA

To request a signed DPA, email privacy@infinitecorporation.com.

Last updated: [DATE]