What's included
- Roles of the parties (Controller / Processor)
- Scope, nature, and purpose of processing
- Categories of data subjects and personal data
- Security measures (Annex II)
- Sub-processor list and change-notification process
- SCCs (Modules 2 and 3) for transfers from the EEA, UK, and Switzerland
- CCPA service provider terms
- Data subject request handling within 30 days
- Breach notification within 72 hours of confirmed incident
- Audit rights consistent with industry practice
How to execute
- 01 Request the DPA from your account team or legal@coreforge.example.
- 02 We countersign the standard form within 3 business days.
- 03 Material edits route to legal review and typically return within 5–10 business days.
- 04 Executed DPA becomes part of your master agreement and is referenced on your order form.
GDPR · UK GDPRCCPA / CPRASCCs Modules 2 & 3
Need the DPA now?
We can send the current standard form and subprocessor list under NDA.