Data Processing Agreement FAQ

Data Processing Agreement FAQ

Data Processing Agreement FAQ

Can we use our own DPA instead of Blacknight’s?

Unfortunately, no. We understand that our customers may have varying levels of security and privacy requirements. however, we provide a number of different platforms which also have varying degrees of privacy responsibility (see matrix document), each requiring a different type of DPA.

Each platform is provided by different vendors, for example our cloud platform is provided by OnApp, whilst Shared hosting is on the Odin platform. We have updated agreements in place with our vendors and information on how those vendors sub-process on our behalf. See Third Party Processors

We have to make sure that our agreement with you is properly aligned with our vendor agreements and consequently we have reviewed and updated our Master Terms of Service and our data processing agreements, in order to achieve this.

These documents are required for both you, and ourselves, to achieve compliance under the GDPR. Any document you prepare may have differences which will inevitably need to be amended to align with our vendor agreements or our responsibilities as a controller or processor. Any amendments or alternative agreements will require legal review, and it’s simply not feasible for us to manage various contracts from over 80,000 customers in addition to the supplier contracts we are already managing.

Does the document need to be co-signed?

The current “Master Terms of Service” and any existing contracts have addendums for Data Processing. Your acceptance of these terms (recorded on first login to the Odin Control Panel) or as emailed directly to you constitutes a legally binding agreement.