Data Processing Agreement (DPA)

  • Home
  • Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

Global Unlimited Intertrade LTD
Effective Date: May 13, 2025

1. Introduction

This Data Processing Agreement (“DPA”) forms part of any contract or agreement (“Principal Agreement”) between Global Unlimited Intertrade LTD, with its registered address at Mosta Road, Central Office Building, Block A, Level 0, Halmann Vella, LJA 9016 Lija, Malta (“Controller”)**, and any third party processing personal data on its behalf (“Processor”).

This DPA ensures that personal data is processed securely, in compliance with Regulation (EU) 2016/679 (GDPR), Malta’s Data Protection Act, and other applicable privacy laws.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation performed on personal data, including collection, storage, use, transfer, or deletion.

  • Controller: The entity that determines the purposes and means of the processing of personal data.

  • Processor: The entity that processes personal data on behalf of the Controller.

  • Data Subject: The individual whose personal data is processed.

  • Supervisory Authority: The competent EU data protection authority (e.g., IDPC Malta).

3. Scope and Purpose

The Processor shall process personal data solely for the purposes described in the Principal Agreement and only on documented instructions from the Controller. The types of personal data and categories of data subjects are detailed in Annex I to this DPA.

4. Obligations of the Processor

The Processor agrees to:

  • Process personal data only on documented instructions from the Controller;

  • Ensure that persons authorized to process personal data have committed to confidentiality;

  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk;

  • Assist the Controller in responding to data subjects’ rights requests (access, rectification, erasure, etc.);

  • Notify the Controller without undue delay after becoming aware of a personal data breach;

  • Assist the Controller in ensuring compliance with Articles 32 to 36 of the GDPR (security, breach notifications, data protection impact assessments);

  • Delete or return all personal data upon termination of the processing services, unless required by law to retain the data.

5. Obligations of the Controller

The Controller agrees to:

  • Provide the Processor with clear and lawful instructions;

  • Ensure that there is a lawful basis for the processing of personal data;

  • Maintain a record of processing activities under its responsibility;

  • Be responsible for complying with all applicable data protection laws in relation to the personal data processing.

6. Sub-Processors

  • The Processor may engage sub-processors only with the prior written authorization of the Controller.

  • The Processor shall enter into a written agreement with each sub-processor that imposes the same data protection obligations as set out in this DPA.

  • The Processor shall remain liable for the actions of any sub-processor.

A current list of authorized sub-processors (if applicable) is included in Annex II.

7. International Data Transfers

  • The Processor shall not transfer personal data outside the European Economic Area (EEA) unless:

    • The transfer is to a country deemed by the European Commission to provide an adequate level of data protection;

    • Appropriate safeguards (e.g., Standard Contractual Clauses) are in place;

    • The data subject has provided explicit consent.

8. Data Security

The Processor must implement appropriate technical and organizational security measures, including (where appropriate):

  • Encryption and pseudonymization;

  • Access controls;

  • Regular security testing and vulnerability assessments;

  • Backups and data recovery procedures;

  • Training staff on data protection.

9. Data Breach Notification

In the event of a personal data breach, the Processor shall:

  • Notify the Controller without undue delay (no later than 48 hours) after becoming aware of the breach;

  • Provide all necessary details including the nature of the breach, affected individuals, likely consequences, and mitigation measures;

  • Cooperate with the Controller in complying with its breach reporting obligations.

10. Audit and Inspection Rights

The Controller has the right to:

  • Conduct audits or inspections of the Processor’s data processing activities;

  • Request written information and documentation demonstrating the Processor’s compliance with this DPA;

  • Have the audits performed by a qualified independent third party.

Audits must be conducted during normal business hours and with reasonable notice.

11. Duration and Termination

  • This DPA shall remain in effect for the duration of the data processing relationship between the parties.

  • Upon termination, the Processor shall delete or return all personal data as instructed by the Controller, unless otherwise required by law.

12. Liability and Indemnity

  • Each party shall be liable for its own compliance with GDPR and this DPA.

  • The Processor shall indemnify the Controller for damages, fines, or claims resulting from its failure to comply with its obligations under this DPA.

13. Governing Law and Jurisdiction

This DPA shall be governed by the laws of Malta, and any disputes shall be resolved by the competent courts of Malta.

Annex I: Details of Processing

Subject Matter: Processing personal data in the context of international trade and business operations.

Nature and Purpose:

  • Communications with customers, partners, and suppliers;

  • Processing for the performance of services outlined in the Principal Agreement;

  • Financial transactions, invoicing, and compliance.

Categories of Data Subjects:

  • Clients and customers;

  • Business contacts;

  • Employees or agents of the Controller;

  • Suppliers and vendors.

Categories of Personal Data:

  • Names, email addresses, phone numbers;

  • Company names, business titles;

  • Billing and shipping addresses;

  • Financial and transactional data;

  • Other data as needed for contractual execution.

Duration of Processing: As long as the Principal Agreement is in force, or as required by law.

Annex II: Approved Sub-Processors (if any)

Name Location Purpose Legal Basis
(To be filled if applicable)

Contact Information

Global Unlimited Intertrade LTD
📍 Mosta Road, Central Office Building, Block A, Level 0, Halmann Vella, LJA 9016 Lija, Malta
📧 office@globalunlimitedintertrade.com
📞 +44 7514 013350

Recent Posts

Recent Comments

No comments to show.

Recent Post

Limited Offers

Categories

Instagram


please fil the required details in instagram feed option.

Tag

Agricultural Products Trading Consumer Goods Metals Trading Oil Trading

Follow us on Social Media

Image Missing

Follow Global Unlimited Intertrade on social media for the latest updates in global commodities trading, market insights, and industry news. Stay connected with us worldwide!

Recent Post

Global Unlimited Intertrade LTD – Connecting the World Through Consumer Goods Trading
Global Unlimited Intertrade LTD – Connecting the World Through Consumer Goods Trading
  • Apr 29,2025
Global Unlimited Intertrade LTD – Driving Global Energy Through Petroleum Trading
Global Unlimited Intertrade LTD – Driving Global Energy Through Petroleum Trading
  • May 24,2023
Global Unlimited Intertrade LTD – Connecting Harvests to Markets Through Agricultural Products Trading
Global Unlimited Intertrade LTD – Connecting Harvests to Markets Through Agricultural Products Trading
  • May 24,2019

Address

  • Address:Mosta Road, Central Office Building, Block A, Level 0, Halmann Vella, LJA 9016 Lija, Malta

  • Website:Global Unlimited Intertrade Ltd.

  • Email:office@globalunlimitedintertrade.com

  • Phone:+44 7514 013350

Copyright © 2023 Global Unlimited Intertrade LTD. All rights reserved