Legal
Clarus Data Processing Agreement (DPA)
1. Introduction
This Data Processing Agreement ("DPA") forms part of the Clarus Terms of Service.
This agreement governs how Clarus processes personal data on behalf of customers.
This agreement applies where Clarus processes personal data in connection with the Clarus platform.
2. Definitions
Controller The customer using Clarus who determines the purposes and means of processing personal data.
Processor Clarus, which processes personal data on behalf of the customer.
Personal Data Any information relating to an identified or identifiable individual.
Processing Any operation performed on personal data including collection, storage, and deletion.
3. Scope of Processing
Clarus processes data to provide the Clarus platform, including:
- User accounts
- Staff access
- Support communications
- Uploaded documents
- Business operational data
- Contact information
Clarus processes data only as necessary to provide services.
4. Customer Responsibilities
Customers agree to:
- Ensure lawful basis for data processing
- Maintain data accuracy
- Control user permissions
- Ensure authorised access
Customers remain responsible for data entered into Clarus.
5. Clarus Responsibilities
Clarus agrees to:
- Process data only for service provision
- Maintain appropriate security
- Restrict access to authorised personnel
- Maintain confidentiality
- Assist customers with data requests where appropriate
6. Security Measures
Clarus implements appropriate security measures including:
- Encrypted connections (HTTPS)
- Access controls
- Role-based permissions
- Secure hosting infrastructure
- Backup and recovery procedures
- Monitoring and logging
7. Subprocessors
Clarus may use trusted third-party subprocessors including:
- Cloud hosting providers
- Email providers
- Monitoring providers
- Backup providers
Clarus ensures subprocessors meet appropriate data protection standards.
8. Data Transfers
Clarus may transfer data to secure cloud providers.
Where data is transferred outside the UK or EEA, appropriate safeguards are implemented.
9. Data Retention
Clarus retains data:
- During active service use
- As required for service functionality
- As required by law
Upon termination:
- Data may be retained temporarily
- Data may then be securely deleted
Customers may request deletion.
10. Data Subject Rights
Clarus assists customers with:
- Data access requests
- Data correction
- Data deletion
- Data portability requests
Customers remain responsible for responding to data subject requests.
11. Data Breach Notification
Clarus will notify customers without undue delay if:
- Personal data breach occurs
- Security incident affects customer data
Clarus will provide reasonable assistance.
12. Confidentiality
Clarus personnel are required to:
- Maintain confidentiality
- Access data only when necessary
- Follow security procedures
13. Termination
Upon termination:
- Customer data may be retained temporarily
- Customers may request export
- Data may then be securely deleted
14. Governing Law
This agreement is governed by:
England and Wales
15. Contact
For data protection queries:
Email: accounts@openclarus.com Company: Clarus Address: