Vendor DPA Execution Request Instructions
Thank you for reviewing our Data Processing Addendum (DPA). If you would like to execute this DPA with Sinch Voice, we ask that you submit the below requested information to our data privacy team. Our team will review your submission, and then provided an executable copy of our DPA, including your submission, to your authorized signatory. We may ask you to amend or supplement your submission to ensure our legal obligations are met. Be sure to respond to all information requests marked by an asterisk (*), or your submission will be rejected.
To initiate the Data Processing Addendum execution process with Sinch Voice, you may copy/paste the below table into an email, complete the fields, and submit to Sinch Voice by email at ([email protected]):
Organization Details |
|
Vendor Name* Please enter the full legal entity name of your organization, as registered in your jurisdiction of incorporation, including any relevant DBA (i.e., “doing business as” or brand name). This information will be used for the signature block in the DPA. |
[Input Field] |
Vendor Jurisdiction* Please enter the registered jurisdiction of incorporation for your company Example: Corporation incorporated in the state of Delaware |
[Input Field] |
Authorized Signatory – Name* Please enter the legal first and last name of the authorized signatory for your organization. This information will be used for the signature block in the DPA. |
[Input Field] |
Authorized Signatory – Email Address* Please enter the email address of the authorized signatory for your organization. This email address will be used to send the DPA to this individual for signature. Please be sure to let them know to expect a DocuSign envelope from Sinch Voice. |
[Input Field] |
Privacy Contact – Email Address* Please input the email of your organization's main point of contact for privacy-related matters (e.g., data protection, incident response, and consumer rights requests). |
[Input Field] |
Data Protection Officer – Contact Details If relevant, please input the name, email, and address of your organization's appointed Data Protection Officer, in some cases required by law. Example: VeraSafe, LLC 100 M Street S.E., Suite 600 Washington, D.C. 20003 USA +1 (617) 398-7067 Email: [email protected] Contact Form: https://www.verasafe.com/about-verasafe/contact-us/ |
[Input Field] |
Data Protection Representative(s) – Contact Details If relevant, please input a description and the name, email, and address of your organization's appointed data protection representative(s), in some cases required by Article 27 of the GDPR. Example: EU Representative: VeraSafe Ireland Ltd Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P Ireland Email: [email protected] Contact Form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ UK Representative: VeraSafe United Kingdom Ltd. Albert Embankment SE1 7TL, London United Kingdom Email: [email protected] Contact Form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ |
[Input Field] |
Other Contact If relevant, please input a description and the name and email of any other necessary organizational contacts and/or jurisdictional representatives. Example: Individual requesting DPA execution: John Doe Internal Legal Department |
[Input Field] |
Details of Processing* We request a detailed description of the personal data being processed under your Agreement with Sinch Voice. To provide this information, either:
|
|
The subject matter of the Processing of Personal Data is:* Example: The subject matter of the Processing of Personal Data pertains to the provision of Services, as requested by Sinch Voice. |
[Input Field] |
The duration of the Processing of Personal Data is:* Example: The duration of the Processing of Personal Data is generally determined by Sinch Voice and is further subject to the terms of the DPA and the Agreement, respectively, in the context of the contractual relationship between Sinch Voice and Vendor. |
[Input Field] |
The nature and purpose of the Processing of Personal Data are:* Example: The nature and purpose of Processing of Personal Data pertains to the provision of Services under the Agreement. |
[Input Field] |
The categories of Personal Data to be Processed are:* Example 1: Personal Data collected may include:
Example 2: Sinch Voice determines the Personal Data being submitted, which may contain special data, such as health data and SSN. |
[Input Field] |
The categories of Data Subjects to whom the Personal Data relates are:* Example: End Users of the Services |
[Input Field] |
Frequency of the transfer:* Example: Regular and repeating for the duration of the Agreement. |
[Input Field] |
Data transfer roles of the parties:* Example:
|
[Input Field] |
Controllership roles of the parties:* Example:
|
[Input Field] |
Contracted Processors List* We request a list of your organization's Contracted Processors, i.e., sub-processors, that process personal data under your Agreement with Sinch Voice. For each Contracted Processor, include the full legal name and any relevant DBA; website hyperlink; location of processing; description of products or services; and description of Contracted Processor’s technical and organizational security measures. To provide this information, either:
You may expand this table as needed to include all relevant sub-processors. |
|
Sub-Processor No. 1
Example:
|
[Input Field] |
Sub-Processor No. 2
Example:
|
[Input Field] |
Sub-Processor No. 3
Example:
|
[Input Field] |
Sub-Processor No. 4
Example:
|
[Input Field] |
Additional Sub-Processors |
[Input Field] |
Technical and Organizational Security Measures* We request a detailed description of your organization's technical and organizational security measures applicable to the personal data being processed under the Agreement with Sinch Voice. Include specific descriptions as to your organization's security measures. Broad, generic descriptions will be rejected. To provide this information, either:
|
|
Measures of pseudonymization and encryption of Personal Data: Examples:
|
[Input Field] |
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of Processing systems and services: Examples:
|
[Input Field] |
Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident: Examples:
|
[Input Field] |
Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the Processing: Examples:
|
[Input Field] |
Measures for user identification and authorization: Examples:
|
[Input Field] |
Measures for the protection of data during transmission: Examples:
|
[Input Field] |
Measures for the protection of data during storage: Examples:
|
[Input Field] |
Measures for ensuring physical security of locations at which Personal Data are Processed: Examples:
|
[Input Field] |
Measures for ensuring event logging: Examples:
|
[Input Field] |
Measures for ensuring system configuration, including default configuration: Examples:
|
[Input Field] |
Measures for internal IT and IT security governance and management: Examples:
|
[Input Field] |
Measures for certification/assurance of processes and products: Examples:
|
[Input Field] |
Measures for ensuring data minimization: Examples:
|
[Input Field] |
Measures for ensuring data quality: Example:
|
[Input Field] |
Measures for ensuring limited data retention: Examples:
|
[Input Field] |
Measures for ensuring accountability: Examples:
|
[Input Field] |
Measures for allowing data portability and ensuring erasure: Examples:
|
[Input Field] |