Data Processing Agreement
Overview
A Data Processing Agreement (DPA) is a contract between a data controller (you) and a data processor (ClinixQM) that outlines how personal data will be processed in compliance with data protection laws such as GDPR.
When You Need a DPA
You may need a DPA with ClinixQM if:
- Your organization is subject to GDPR
- You process personal data of EU/EEA residents
- Your data protection policy requires DPAs with all processors
- You need to demonstrate compliance to your customers or regulators
What Our DPA Covers
The ClinixQM DPA includes:
- Subject matter and duration: Description of processing activities and term
- Nature and purpose: How and why we process data
- Types of personal data: Categories of data processed
- Data subjects: Who the data relates to
- Security measures: Technical and organizational controls
- Subprocessors: Third parties we use and how we manage them
- Data subject rights: How we support your obligations
- Data transfers: Safeguards for international transfers
- Audit rights: Your ability to verify compliance
- Data deletion: Return and deletion of data upon termination
Request a DPA
To request a Data Processing Agreement:
- Email privacy@clinixqm.com with the subject "DPA Request"
- Include your organization name and ClinixQM account email
- We will send you our standard DPA for review and signature
DPAs are typically processed within 5 business days.
Standard Contractual Clauses
For international data transfers, our DPA includes the EU Standard Contractual Clauses (SCCs) as approved by the European Commission.
Questions
For questions about data processing or DPA terms, contact our privacy team at privacy@clinixqm.com.