top of page

Data Processing Addendum (DPA)

Effective Date: November 30, 2020
Last Updated: January 1, 2025
 

This Data Processing Addendum (“Addendum”) forms part of the Service Agreement (“Agreement”) between Quality Concepts, LLC (“Processor”) and the Client (“Controller”), each a “Party” and together the “Parties.”

 

1. Purpose and Scope

 

This Addendum sets out the terms and conditions under which Quality Concepts, LLC processes personal data on behalf of the Client in providing fraud prevention and security services. The Addendum ensures compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

 

2. Definitions

​

  • “Personal Data” means any information relating to an identified or identifiable natural person.

  • “Processing” means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.

  • “Controller” means the entity that determines the purposes and means of processing Personal Data.

  • “Processor” means Quality Concepts, LLC, which processes Personal Data on behalf of the Controller.

 

3. Roles and Responsibilities

​

  • Controller Responsibilities: The Client ensures it has the right to transfer Personal Data to Quality Concepts, LLC and is responsible for ensuring compliance with applicable data protection laws.

  • Processor Responsibilities: Quality Concepts, LLC shall:

    • Process Personal Data only on documented instructions from the Client.

    • Implement appropriate technical and organizational measures to protect data.

    • Assist the Client in responding to data subject requests.

    • Notify the Client of any data breach without undue delay.

 

4. Confidentiality

 

All persons authorized to process Personal Data for Quality Concepts, LLC are bound by confidentiality obligations.

 

5. Security Measures

 

Quality Concepts, LLC shall implement security measures, including but not limited to:

​

  • Encryption of Personal Data in transit and at rest.

  • Access controls and authentication measures.

  • Continuous monitoring for suspicious activity.

  • Regular system audits and vulnerability testing.

 

6. Sub-Processing

​

  • Quality Concepts, LLC may engage sub-processors only with prior written consent from the Client.

  • Any sub-processor must agree to data protection obligations at least as protective as those in this Addendum.

 

7. Data Subject Rights

 

Quality Concepts, LLC will, to the extent legally permitted, assist the Client in fulfilling obligations to respond to requests from data subjects (e.g., right of access, rectification, deletion).

 

8. International Transfers

 

If Personal Data is transferred outside the jurisdiction where it was collected, Quality Concepts, LLC shall ensure adequate protection through standard contractual clauses or equivalent legal mechanisms.

 

9. Data Retention and Deletion

 

Upon termination of services, Quality Concepts, LLC will delete or return all Personal Data at the Client’s request, unless required by law to retain it.

 

10. Breach Notification

 

In the event of a data breach, Quality Concepts, LLC will notify the Client without undue delay and provide all necessary information to enable the Client to comply with its legal obligations.

 

11. Governing Law

 

This Addendum shall be governed by and construed in accordance with the laws of Washington State, United States, unless otherwise required by applicable data protection laws.

 

12. Term

 

This Addendum will remain in effect as long as Quality Concepts, LLC processes Personal Data on behalf of the Client.

​

Signed:
Quality Concepts, LLC

bottom of page