One Line
The DPA (Data Processing Agreement) is a supplementary agreement between a company and Meta that covers data processing across different regions.
Slides
Slide Presentation (11 slides)
Key Points
- Company shall be deemed to be a "Service Provider" and "Processor" under this DPA, save to the extent where Company is identified only as a "Third Party" or "Controller" in the Agreement.
- Meta may retain or disclose documentation and information regarding Processing under the Agreement as Meta deems reasonably necessary to comply or demonstrate compliance with Applicable Law.
- Company shall Process Meta Platforms Data solely for and at the direction of Meta, for the purposes specified in the Agreement (including this DPA) and for no other individual or entity and for no other purpose.
- Company shall not disclose Meta Platforms Data, except for and at the direction of Meta for the purposes specified in the Agreement (including this DPA) and for no other purpose.
- Company shall ensure that all persons authorized to Process Meta Platforms Data on behalf of Company have committed themselves in writing to confidentiality or are under an appropriate statutory obligation of confidentiality in relation to such Meta Platforms Data.
Summaries
18 word summary
The DPA supplements the main Agreement between a company and Meta, covering various regions and governing data processing.
67 word summary
The Data Protection Addendum (DPA) supplements the main Agreement between a company and Meta, covering Europe, USA, LATAM, AMET, Canada, and APAC. It governs the Processing of Protected Health Information under HIPAA and outlines specific terms for Processing of Meta Platforms Data, including confidentiality, technical measures, Subprocessors, notification, and return or deletion of data. Provisions for enforcement actions, compliance monitoring, and survival of obligations are also included.
139 word summary
The Data Protection Addendum (DPA) is an additional agreement that supplements the main Agreement between a company and Meta. It includes General Terms and Jurisdiction-Specific Terms, covering Europe, USA, LATAM, AMET, Canada, and APAC. The DPA governs the Processing of Protected Health Information under HIPAA if Meta has entered into a business associate agreement with the company. The company is considered a “Service Provider” and “Processor” under the DPA, except where identified as a “Third Party” or “Controller” in the Agreement. Specific terms for the company's Processing of Meta Platforms Data are outlined in the DPA, including confidentiality, technical measures, Subprocessors, notification, and return or deletion of data. The DPA also includes provisions for Meta's enforcement actions, regular monitoring of compliance, cooperation in responding to Correspondence, Data Incidents, and survival of obligations after termination or expiration of the Agreement.
369 word summary
The Data Protection Addendum (DPA) is an additional agreement that supplements the main Agreement between a company and Meta. It includes General Terms and Jurisdiction-Specific Terms, which vary depending on the location of the data processing and cover Europe, USA, LATAM, AMET, Canada, and APAC. In case of conflicts between the Agreement, General Terms, and Jurisdiction-Specific Terms, the order of precedence is: (i) Jurisdiction-Specific Terms; (ii) General Terms; and (iii) the Agreement. The DPA also governs the Processing of Protected Health Information under HIPAA if Meta has entered into a business associate agreement with the company.
The company is considered a “Service Provider” and “Processor” under the DPA, except where identified as a “Third Party” or “Controller” in the Agreement. Specific terms and requirements for the company's Processing of Meta Platforms Data are outlined in the DPA, including confidentiality, technical measures, Subprocessors, notification, and return or deletion of data. The DPA also includes provisions for Meta's enforcement actions in case of violations by the company, regular monitoring of compliance, and cooperation in responding to Correspondence related to Meta Platforms Data.
In case of a Data Incident involving Meta Platforms Data, the company is required to provide notice to Meta without undue delay and cooperate with Meta in remediation and compliance with Data Protection Requirements. The DPA also specifies that the company's obligations regarding Meta Platforms Data will survive any termination or expiration of the Agreement. Definitions for terms such as Affiliate, Agreement, Applicable Law, Controller, Data Incident, Data Protection Requirements, Personal Data, and interpretation guidelines for capitalized terms are included in the DPA.
Meta may update the DPA from time to time to reflect or comply with Applicable Law. The company is required to review and comply with the latest version of the DPA. The DPA includes provisions for survival of obligations, severability and waiver, and amendment by Meta with prior notice to the company. In summary, the DPA outlines specific terms and requirements for the company's Processing of Meta Platforms Data, covering aspects such as compliance with jurisdiction-specific terms, enforcement actions by Meta in case of violations, security measures for Meta Platforms Data, handling of Data Incidents, and survival of obligations after termination or expiration of the Agreement.
454 word summary
The Data Protection Addendum (DPA) is an additional agreement that supplements and is incorporated into the main Agreement between a company and Meta. It does not limit the company's obligations or Meta's rights under the Agreement. The DPA includes General Terms and Jurisdiction-Specific Terms, which the company must comply with. The Jurisdiction-Specific Terms vary depending on the location of the data processing and include terms for Europe, USA, LATAM, AMET, Canada, and APAC.
In case of any conflicts between the Agreement, General Terms, and Jurisdiction-Specific Terms, the order of precedence to determine the governing terms is: (i) Jurisdiction-Specific Terms; (ii) General Terms; and (iii) the Agreement. If Meta has entered into a business associate agreement with the company, it will govern the Processing of Protected Health Information under HIPAA.
The company is considered a "Service Provider" and "Processor" under the DPA, except where identified as a "Third Party" or "Controller" in the Agreement. The DPA outlines specific terms and requirements for the company's Processing of Meta Platforms Data, including confidentiality, technical measures, Subprocessors, notification, and return or deletion of data.
The DPA also includes provisions for Meta's enforcement actions in case of violations by the company, regular monitoring of compliance, and cooperation in responding to Correspondence related to Meta Platforms Data. Security terms regarding Meta Platforms Data cover information security, privacy program, network security, user passwords, encryption, and In-Scope Security Telephone Numbers.
In case of a Data Incident involving Meta Platforms Data, the company is required to provide notice to Meta without undue delay and cooperate with Meta in remediation and compliance with Data Protection Requirements. The DPA also specifies that the company's obligations regarding Meta Platforms Data will survive any termination or expiration of the Agreement.
The DPA includes definitions for terms such as Affiliate, Agreement, Applicable Law, Company, Controller, Data Incident, Data Protection Requirements, European Data Protection Requirements, In-Scope Security Telephone Numbers, Meta Platforms Data, Personal Data, Privacy Rights, Processing, Processor, Service Provider, Services, Subprocessor, USA Data Protection Requirements, and interpretation guidelines for capitalized terms.
Meta may update the DPA from time to time to reflect or comply with Applicable Law. The company is required to review and comply with the latest version of the DPA. The DPA includes provisions for survival of obligations, severability and waiver, and amendment by Meta with prior notice to the company.
In summary, the Data Protection Addendum (DPA) is an important supplementary agreement that outlines specific terms and requirements for the company's Processing of Meta Platforms Data. It covers various aspects such as compliance with jurisdiction-specific terms, enforcement actions by Meta in case of violations, security measures for Meta Platforms Data, handling of Data Incidents, and survival of obligations after termination or expiration of the Agreement.