Data Processing Agreement (DPA)

  • Home
  • Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

Effective Date: June 25, 2025
Incentrex, Inc.
103 Shady Nook Ln
St George, VT 05495

1. Introduction

This Data Processing Agreement ("Agreement") is made between Incentrex, Inc., the Data Processor, and the Client (the "Data Controller") for the purpose of setting out the terms and conditions under which Incentrex, Inc., will process personal data on behalf of the Client in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This Agreement governs the processing of personal data and shall apply where Incentrex, Inc., processes personal data on behalf of the Client while providing services to the Client.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person, as defined under the applicable data protection laws.
  • Data Controller: The entity that determines the purposes and means of processing personal data, i.e., the Client.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller, i.e., Incentrex, Inc.
  • Data Subject: An identified or identifiable natural person whose personal data is being processed.

3. Purpose of Data Processing

Incentrex, Inc., will process personal data solely for the purpose of providing services as outlined in the primary agreement between the parties, including any related support services or technical assistance.

4. Types of Personal Data Processed

The personal data to be processed under this Agreement may include, but is not limited to:

  • Personal Identification Information: Name, email address, phone number
  • Billing and Payment Information: Credit card details, billing address
  • Other Data: Any other data provided by the Client necessary for the provision of services

5. Obligations of the Data Processor

As the Data Processor, Incentrex, Inc., agrees to:

  • Process personal data only in accordance with the documented instructions of the Data Controller.
  • Implement appropriate technical and organizational measures to ensure the security of personal data.
  • Assist the Data Controller in ensuring compliance with obligations related to data subject rights (e.g., access, rectification, erasure).
  • Notify the Data Controller of any data breaches without undue delay.
  • Ensure that personnel authorized to process personal data are subject to confidentiality obligations.

6. Subprocessors

Incentrex, Inc., may engage third-party subprocessors to process personal data on its behalf, subject to the following conditions:

  • Incentrex, Inc., will inform the Data Controller of any intended use of subprocessors.
  • The Data Processor will ensure that subprocessors are bound by contractual obligations that impose equivalent data protection obligations.
  • The Data Controller may object to the use of specific subprocessors in writing within a reasonable time frame.

7. Data Subject Rights

Incentrex, Inc., agrees to cooperate with the Data Controller to enable the exercise of data subject rights, including the right to:

  • Access personal data
  • Correct inaccurate or incomplete personal data
  • Erase personal data (where applicable)
  • Restrict or object to processing (where applicable)

Incentrex, Inc., will provide reasonable assistance in response to requests made by data subjects in relation to their rights.

8. Data Retention and Deletion

Incentrex, Inc., will retain personal data only for as long as necessary to fulfill the services provided under the Agreement or as required by applicable law. Upon termination of the services, Incentrex, Inc., will delete or return all personal data to the Data Controller, as instructed, unless retention is required by law.

9. Security Measures

Incentrex, Inc., will implement appropriate technical and organizational measures to ensure the security of personal data. These measures will protect personal data from unauthorized access, disclosure, alteration, or destruction.

10. Data Breach Notification

In the event of a personal data breach, Incentrex, Inc., will notify the Data Controller without undue delay, providing sufficient information to assist the Data Controller in complying with applicable data breach notification requirements.

11. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA) or any jurisdiction that requires specific safeguards for international data transfers, Incentrex, Inc., will ensure that adequate safeguards, such as standard contractual clauses or other mechanisms, are in place to protect the data.

12. Term and Termination

This Agreement will remain in effect for the duration of the data processing activities and until all personal data is returned or deleted, as outlined in Section 8.

Upon termination, Incentrex, Inc., will continue to uphold the confidentiality and security of the personal data and its obligations under this Agreement.

13. Governing Law and Dispute Resolution

This Agreement shall be governed by the laws of the state of Vermont, and any disputes arising from this Agreement will be resolved under the jurisdiction of the courts of the state of Vermont.

14. Changes to the Agreement

We may update this Agreement periodically to reflect changes in our data processing practices or to comply with applicable law. The updated Agreement will be posted here, and the effective date will be updated accordingly.

15. Contact Information

If you have any questions about this Agreement, please contact us:

Incentrex, Inc.
Toll Free: (800) 123-4567
Email: Send Now