Data Processing Agreement

Data Processing Agreement (DPA) 

Between
Codesign 4 All Pty Ltd (ABN: 59682431090) 
(“Processor”, “Co.Design4All”, “we”, “us”, or “our”) 
And
[Insert Customer Name] 
(“Controller”, “you”, or “your”) 

Effective Date: [Insert Date] 

1. Background 

This Data Processing Agreement (“DPA”) forms part of the services agreement (“Main Agreement”) between Co.Design4All and the Customer and sets out the terms on which Co.Design4All will process personal data on behalf of the Customer in connection with the services delivered under that agreement. 

2. Definitions 

  • Personal Data: Any information relating to an identified or identifiable individual. 
  • Data Controller: The entity that determines the purposes and means of processing personal data. 
  • Data Processor: The entity that processes personal data on behalf of the controller. 
  • Processing: Any operation performed on personal data, including collection, use, storage, disclosure, or destruction. 

3. Roles and Responsibilities 

3.1 The Customer is the Data Controller and appoints Co.Design4All as its Data Processor. 

3.2 Co.Design4All agrees to process personal data only on the documented instructions of the Customer, unless required by law. 

3.3 Each party will comply with its respective obligations under applicable data protection laws, including the Australian Privacy Act 1988 (Cth) and, where applicable, the EU or UK General Data Protection Regulation (GDPR). 

4. Scope and Nature of Processing 

  • Purpose: To deliver co-design, research, facilitation, evaluation, and capacity-building services. 
  • Types of Data: May include names, contact details, demographic data, feedback, survey responses, audio/video recordings, and other personal information relevant to project delivery. 
  • Data Subjects: May include service users, employees, clients, community members, and stakeholders. 
  • Duration: For the duration of the service agreement and any period required for archiving or legal compliance. 

5. Security Measures 

Co.Design4All will implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include: 

  • Access controls and authentication 
  • Encryption and secure data storage 
  • Secure data transfer protocols 
  • Staff training and confidentiality obligations 

6. Sub-processors 

6.1 Co.Design4All may engage third-party sub-processors (e.g., digital platforms, survey tools) to assist with data processing. A list of current sub-processors will be provided on request. 

6.2 Co.Design4All will ensure that sub-processors are subject to the same obligations as set out in this DPA and remain liable for their actions. 

6.3 The Customer may object to a sub-processor on reasonable grounds. In such cases, Co.Design4All will work with the Customer to find a suitable resolution. 

7. Data Subject Rights 

Co.Design4All will assist the Customer in responding to data subject requests under applicable privacy laws, including requests for access, correction, deletion, or restriction of processing. 

8. Data Breach Notification 

In the event of a data breach that is likely to result in a risk to individuals’ rights or freedoms, Co.Design4All will notify the Customer without undue delay and provide reasonable assistance in managing the response. 

9. Return or Deletion of Data 

At the end of the service engagement, or upon written request, Co.Design4All will delete or return all personal data to the Customer unless retention is required by law. 

10. Audit and Compliance 

Co.Design4All will provide reasonable information to demonstrate compliance with this DPA and will allow for audits, where legally required, subject to reasonable notice and confidentiality obligations. 

11. Governing Law 

This Agreement is governed by the laws of Queensland and the Commonwealth of Australia. Any disputes arising from this DPA shall be subject to the exclusive jurisdiction of the courts of Queensland. 

Signatures 

For Co.Design4All 
Name: ___________________________ 
Title: ____________________________ 
Date: ____________________________ 
Signature: ________________________ 

For the Customer 
Name: ___________________________ 
Title: ____________________________ 
Date: ____________________________ 
Signature: ________________________