According to the GDPR, the organization has the role of 'controller' and Spotler has the role of 'processor'. As soon as your organization enlists a processor, you are obliged to conclude a processor agreement with this processor. Even if personal data ends up in Spotler through a third party, a processor agreement with that third party is required. The GDPR sets specific requirements for the content of a processor agreement.
Such as:
- Indicating how you will be using the data of contacts and for what purpose
- Indicating that the processor is responsible for all technical and organizational security measures
- Indicating that the processor provides assistance in reporting data leaks, etc.
In Spotler you will find a GDPR-proof model processor agreement from the DDMA. This processor agreement (PA) is free of charge. It is also possible to conclude a customized contract with us. However, this will entail additional costs, as a legal check must be carried out.
Go to the Privacy tab under Account settings. Next, click on Processor Agreement on the left.
If you haven't signed anything yet, the status will read Not signed. Right-click the status and you will see the following drop-down options:
- Sign
- View
- Download signing sheet
- View approval (only active after PA has been uploaded)
- Notes (only active after PA has been uploaded)
The sign sheet and the processor agreement are separate from each other. The reason for this is that the person who checks the PA does not need to be authorized to sign. The contract itself does not have to be signed, just the separate sign sheet.
Sign your processor agreement in 6 steps
Go through the following six steps in Spotler to easily sign the processor agreement:
- 1. Right-click on Unsigned and a drop-down menu will appear.
- Click on Download sign sheet.
- Complete the sign sheet, add your signature and make a scan or take a photo of it.
- Next, click on Sign in the drop-down menu.
- A pop-up will appear that allows you to choose a file. Select the signed sign sheet.
- Click on OK.
After uploading, the status will change from Not signed to Signed. In addition, the date of the upload will appear in the table. You will receive an email confirmation which includes the PA and the signed agreement. The main recipient will also receive an email notification. If you have a customized PA, it must be signed on both sides, so also by Spotler. When you conclude such a customized agreement with us, we ensure that this will become visible in your account.
Tip: Make sure to at least conclude a standard processor agreement with us. That way, you are already GDPR compliant and you can always conclude a customized contract later.
Changes to the PA
If a new version of the standard PA is released in the future, you will see that the version number has become higher. The current PA will remain in effect until the new PA has been signed. It is therefore important that you sign it again and upload the approval. The outdated PA will remain visible and will receive the status Outdated. It is only possible to upload a new sign sheet for the new PA.
When schould a organization conclude a processor agreement with Spotler?
When do I not have to conclude a processor agreement with Spotler? There are two cases in which you don't have to conclude a PA with Spotler.
Why should all partners conclude a processor agreement with Spotler? What should I look out for with regard to a processor agreement if I have a link? As a customer, do I have to conclude a processor agreement with my partner who supplies Spotler? |