Data Processing Agreement

Last updated: November 20, 2025

This Data Processing Agreement ("DPA") forms part of the agreement between Online Armor ("Processor") and the customer ("Controller") for the provision of reputation management services.

1. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on personal data. "Sub-Processor" means any third party engaged by Online Armor to process personal data on behalf of the Controller.

2. Roles and Responsibilities

The Customer acts as the Controller and determines the purposes and means of processing personal data. Online Armor acts as the Processor and processes personal data only on documented instructions from the Controller.

3. Types of Data Processed

The categories of personal data processed may include:

  • End-user data: names, email addresses, phone numbers, review content
  • Customer data: business name, contact information, account details
  • Usage data: platform interaction data, analytics, and performance metrics

4. Purposes of Processing

Personal data is processed solely for the purpose of providing the Online Armor reputation management services as described in the main service agreement.

5. Duration of Processing

Processing shall continue for the duration of the service agreement between the Controller and Processor, unless otherwise agreed in writing.

6. Processor Obligations

Online Armor shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure that persons authorized to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to data subject requests
  • Notify the Controller without undue delay upon becoming aware of a personal data breach

7. Customer Obligations

The Controller shall:

  • Ensure that personal data is collected and processed in accordance with applicable data protection laws
  • Provide clear and documented instructions for the processing of personal data
  • Ensure that appropriate consent has been obtained from data subjects where required

8. Sub-Processors

Online Armor may engage Sub-Processors to assist in providing the services. We will inform the Controller of any intended changes concerning the addition or replacement of Sub-Processors, giving the Controller the opportunity to object.

9. International Transfers

If personal data is transferred outside of the jurisdiction in which it was collected, Online Armor will ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

10. Security Measures

Online Armor implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

11. Data Subject Rights

Online Armor will assist the Controller in fulfilling its obligations to respond to requests from data subjects exercising their rights under applicable data protection laws.

12. Data Retention and Deletion

Upon termination of the service agreement, Online Armor will delete or return all personal data to the Controller, unless retention is required by applicable law.

13. Audit Rights

Online Armor will make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits and inspections conducted by the Controller or a mandated auditor.

14. Liability

Each party's liability under this DPA is subject to the limitations set forth in the main service agreement.

15. Governing Law

This DPA is governed by the same laws as the main service agreement between the parties.

16. Termination

This DPA shall terminate automatically upon the termination of the main service agreement between the parties.

Contact

For questions about this DPA, please contact us at INFO@ONLINEARMOR.COM.