Skip to content
menu-toggle
menu-close

DATA PROCESSING AGREEMENT
(DPA)

 

This Data Processing Agreement (DPA) is entered into by and between Vendortell ("Processor"), a provider of Intelligent Vendor and Contract Management services, and the user of Vendortell's services ("Controller"). This DPA is incorporated into and governed by the terms of the service agreement between Vendortell and the Controller (the “Agreement”).

1. Definitions

  • Affiliate: Any entity that controls, is controlled by, or is under common control with a party.
  • Controller: You, the user of Vendortell services.
  • Processor: Vendortell, including any service providers used by Vendortell.
  • Data Protection Law: Applicable data protection laws, including the EU GDPR and any local data protection laws.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Sub-Processor: Any third party engaged by Vendortell to process Personal Data on behalf of the Controller.

2. Purpose

Vendortell agrees to process Personal Data in accordance with the Controller’s documented instructions under the terms of the Agreement and this DPA. The processing is limited to what is necessary to provide Vendortell’s Vendor and Contract Management services.

3. Controller Obligations

  • The Controller represents that it will comply with all applicable data protection laws.
  • The Controller will ensure that it has the necessary authority to provide Personal Data to Vendortell for processing.
  • The Controller is responsible for maintaining accurate and lawful data and notifying Vendortell of any required changes in processing.

4. Processor Obligations

  • Vendortell shall process Personal Data only on the Controller’s instructions and in compliance with applicable data protection laws.
  • Vendortell shall implement technical and organizational measures to ensure the security of Personal Data, taking into account the nature and risks of the processing.
  • Vendortell will assist the Controller in responding to data subject requests and ensuring compliance with its data protection obligations.

5. Sub-Processing

  • The Controller authorised Vendortell to use Sub-Processors to provide its services, including but not limited to hosting providers and analytics platforms.
  • Vendortell will ensure any Sub-Processor is bound by contractual terms consistent with this DPA.
  • The Controller will be informed of any changes to Sub-Processors and has the right to object to such changes.

6. International Data Transfers

Vendortell may transfer Personal Data outside the EEA, UK, or Switzerland, provided such transfers are made in compliance with applicable data protection laws, including the use of standard contractual clauses where necessary.

7. Security Measures

Vendortell shall maintain appropriate security measures to protect Personal Data, including encryption, access controls, and disaster recovery capabilities.

8. Data Subject Rights

Vendortell will assist the Controller in handling data subject requests related to the right to access, rectify, erase, or restrict the processing of Personal Data.

9. Data Breach Notification

In the event of a data breach, Vendortell shall notify the Controller without undue delay and take appropriate steps to mitigate the effects of the breach.

10. Liability

Vendortell cannot be held liable for any errors or omissions in the calculations and insights provided by the platform. The Controller acknowledges that Vendortell's calculations are based on the data and contractual templates provided, and Vendortell makes no guarantees regarding the accuracy of any financial projections, incentive tracking, or contract interpretations.

11. Termination and Deletion of Data

Upon termination of the Agreement, Vendortell will, at the Controller’s option, return or delete Personal Data, except where retention is required by law.

12. Miscellaneous

  • This DPA shall remain in effect for the duration of the Agreement.
  • Any amendments to this DPA must be agreed upon in writing.

By using Vendortell's services, you agree to the terms of this Data Processing Agreement, including the limitation of liability for calculation errors within the platform.