O'Connor Logo
Menu
Home
About MeContactGet Started

Data Processing Agreement (DPA)

Effective Date: 12 August 2025

Business Name (Data Processor): Nathan O'Connor

Contact Email: info@nathanoconnor.co.uk

This Data Processing Agreement ("Agreement") forms part of the contract for services ("Main Agreement") between the Data Processor and the Data Controller. It outlines the terms under which the Data Processor will process personal data on behalf of the Data Controller in accordance with the UK GDPR and other applicable data protection laws.

1. Definitions

  • Data Controller: The client who determines the purposes and means of processing personal data.
  • Data Processor: Nathan O'Connor, who processes data on behalf of the Data Controller.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on personal data.

2. Scope and Purpose

The Data Processor shall process Personal Data only to the extent necessary to provide the agreed services, which may include:

  • Marketing automation
  • CRM configuration (e.g., HubSpot)
  • Data enrichment and analytics
  • Tracking setup (e.g., GTM, GA4)
  • Reporting and attribution

3. Instructions and Compliance

  • The Data Processor shall process data only on documented instructions from the Data Controller.
  • The Data Processor shall comply with all applicable data protection laws and regulations.
  • The Data Processor shall not use data for any other purpose without written consent.

4. Confidentiality

The Data Processor shall ensure that all persons authorised to process the personal data are subject to confidentiality obligations.

5. Security

The Data Processor shall implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encrypted storage and transmission
  • Access control and user authentication
  • Regular security reviews and audits

6. Sub-processors

  • The Data Controller authorises the use of third-party sub-processors, such as HubSpot, Google Ads, GA4, Airtable, and CookieYes.
  • A current list of sub-processors will be provided on request.
  • The Data Processor shall ensure that sub-processors are subject to data protection obligations equivalent to those in this Agreement.

7. Data Subject Rights

The Data Processor shall assist the Data Controller in responding to data subject requests, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to data portability

8. Data Breach Notification

In the event of a data breach, the Data Processor shall notify the Data Controller without undue delay, and provide all relevant information and assistance to comply with legal obligations.

9. Data Transfers

The Data Processor may transfer personal data outside the UK/EU only with appropriate safeguards in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Sub-processor compliance with data transfer requirements

10. Data Retention and Deletion

Upon termination of the services, the Data Processor shall:

  • Return or delete all personal data, at the Data Controller's request
  • Confirm in writing that no data has been retained unless required by law

11. Duration

This Agreement remains in effect for as long as the Data Processor processes personal data on behalf of the Data Controller.

12. Governing Law

This Agreement is governed by the laws of England and Wales.

13. Applicability

This Data Processing Agreement forms the basis of how I handle personal data on behalf of my clients and is incorporated into all client relationships by reference.

If you are a client and require a signed copy of this DPA, please contact me at info@nathanoconnor.co.uk.