GENOMA BIOINFORMATICS LLC
DATA PROCESSING AGREEMENT (DPA)
Effective Date: [Insert Date]
This Data Processing Agreement (“DPA”) is entered into by and between:
Genoma Bioinformatics LLC (“Processor”), located at [Genoma Bioinformatics] and
[Client’s Name/Company Name] (“Controller”), located at [Client’s Address].
This DPA is incorporated into and forms part of the [Insert Main Agreement, e.g., “Terms of Service” or “Master Service Agreement”] between the parties. The parties agree as follows:
1. Definitions
- Data Protection Laws: Refers to the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable data protection laws.
- Personal Data: Any information relating to an identified or identifiable natural person, as defined under Data Protection Laws.
- Processing: Any operation performed on Personal Data, such as collection, storage, analysis, or deletion.
- Subprocessor: A third party engaged by the Processor to assist in processing Personal Data.
2. Roles and Responsibilities
- Controller: The Controller determines the purposes and means of processing Personal Data.
- Processor: The Processor processes Personal Data on behalf of the Controller and in accordance with the Controller’s instructions.
3. Details of Processing
- Types of Data: Genomic data, omics data, research data, and other Personal Data provided by the Controller.
- Purposes of Processing: To provide bioinformatics services, including data analysis, collaboration tools, and subscription support.
- Duration of Processing: For the duration of the main agreement between the parties, unless otherwise agreed in writing.
4. Processor’s Obligations
- Compliance with Instructions: The Processor will process Personal Data only in accordance with the Controller’s documented instructions.
- Confidentiality: The Processor will ensure that personnel handling Personal Data are bound by confidentiality obligations.
- Security Measures: The Processor will implement appropriate technical and organizational measures to protect Personal Data, including:
- Encryption of data during transmission and storage.
- Regular security audits and vulnerability assessments.
- Access controls to limit access to authorized personnel only.
5. Subprocessors
- Approved Subprocessors: The Processor may engage the following Subprocessors:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud
- Notification: The Processor will notify the Controller of any changes to the list of Subprocessors and provide the Controller with an opportunity to object.
6. Data Subject Rights
- Assistance: The Processor will assist the Controller in fulfilling data subject requests (e.g., access, correction, deletion) under GDPR and HIPAA.
- Response Time: The Processor will respond to such requests within [Insert Timeframe, e.g., “10 business days”].
7. Data Breach Notification
- Incident Response: The Processor will promptly notify the Controller of any data breach involving Personal Data.
- Details Provided: The notification will include:
- The nature of the breach.
- The categories and approximate number of individuals affected.
- The measures taken or proposed to address the breach.
8. Term and Termination
- Term: This DPA remains in effect for the duration of the main agreement between the parties.
- Return or Deletion of Data: Upon termination, the Processor will, at the Controller’s choice, return or delete all Personal Data and certify in writing that it has done so.
9. Governing Law
This DPA is governed by the laws of the State of Nebraska, without regard to its conflict of law principles.
IN WITNESS WHEREOF, the parties have executed this DPA as of the Effective Date.
Genoma Bioinformatics LLC
By: ___________________________
Name:
Title: Data Protection Officer
Date: ___________________________
[Client’s Name/Company Name]
By: ___________________________
Name: _________________________
Title: _________________________
Date: ___________________________
Genoma Bioinformatics 