What is a DPA?
A data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or electronic form.
It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the processor.
Where the processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this GDPR and ensure the protection of the rights of the data subject.
Does Patchstack process any kind of personal data on your behalf?
Because we provide services for B2B clients and therefore, GDPR does not apply for such data, however, sometimes we provide services also for individuals, our Privacy Notice describes how we collect, use, process, and disclose your information related to your access to using the Patchstack services.
When providing our services, we may collect certain data including personal data relating to our users (e.g. such as user names, email addresses, and login-in attempts).
Concerning such limited data, we do not act as a data processor. If an individual is creating a Patchstack account for a company, we do not process such information on behalf of the company.
If you decide to reveal to us your name and personal email, we do not consider that such data is processed on behalf of the company that is signing up the account with us.
When do you need to sign a DPA?
Our Services include a website security firewall to prevent cyber attacks and to protect your websites. Using Patchstack or any other services, we do not collect any personal data about users of your website or website owners.
In the event, we detect website hacking incidents we are not allocating any personal data because hackers are hiding identity and do not reveal identifiable IP addresses, names, e-mail addresses, or any personal data. Therefore, we are in a position where we are not processing any personal data of the hackers as well.
Therefore, as we are not collecting personal data on behalf of companies, there is no need to sign a data processing agreement between you and Patchstack.