Home » Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

Last Updated: January 1, 2025

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is incorporated into and forms part of the Terms of Use and Privacy Policy of Stackup.ca. It governs the processing of personal data where Stackup.ca acts as a Data Processor on behalf of its users, partners, or affiliates, in compliance with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and, where relevant, the General Data Protection Regulation (GDPR) of the European Union.

Definitions

“Data Controller” means the entity that determines the purposes and means of processing personal data.
“Data Processor” means the entity that processes personal data on behalf of the Data Controller.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on personal data, whether automated or not, including collection, storage, alteration, transfer, or deletion.

Roles and Responsibilities

Stackup.ca acts as the Data Processor and processes Personal Data only as instructed by the Data Controller (our users, clients, or partners).
The Data Controller retains full responsibility for the lawfulness of data collection and ensuring proper legal grounds for processing.

Purpose and Scope of Processing

Stackup.ca will process Personal Data solely for the following purposes:

Providing and maintaining the services offered on Stackup.ca.
Improving website functionality, analytics, and user experience.
Carrying out customer support, troubleshooting, and service updates.
Complying with legal obligations and responding to lawful requests.

Data Security

Stackup.ca implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of Personal Data.
Security measures include encryption, access controls, secure hosting environments, and regular monitoring of systems.
Only authorized personnel are granted access to Personal Data, limited strictly to operational necessity.

Sub-Processors

Stackup.ca may engage third-party service providers (“Sub-Processors”) to assist in delivering services (e.g., hosting, analytics, payment processors).
All Sub-Processors are bound by data protection obligations equivalent to those set out in this DPA.
A list of active Sub-Processors may be made available upon request.

Data Subject Rights

Where required by applicable law, Stackup.ca will assist the Data Controller in fulfilling its obligations to respond to requests from data subjects, including:

Right of access to their personal data.
Right to rectification or erasure of personal data.
Right to restrict or object to processing.
Right to data portability.

International Data Transfers

If Stackup.ca transfers Personal Data outside of Canada, it ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent legal protections.

Data Retention and Deletion

Personal Data is retained only for as long as necessary to provide services or as required by law.
Upon termination of services or written request by the Data Controller, Stackup.ca will securely delete or return all Personal Data unless retention is legally required.

Confidentiality

All Personal Data processed by Stackup.ca is treated as strictly confidential.
Employees and contractors with access to Personal Data are bound by confidentiality agreements.

Breach Notification

In the event of a Personal Data breach, Stackup.ca will notify the Data Controller without undue delay once becoming aware of the breach.
The notification will include relevant details such as the nature of the breach, likely consequences, and steps taken to mitigate risks.

Audit and Compliance

Stackup.ca will make available information reasonably necessary to demonstrate compliance with this DPA. Where required, the Data Controller may request audits or assessments, subject to reasonable limitations and confidentiality obligations.

Governing Law

This DPA is governed by the laws of Canada and, where applicable, relevant provincial laws. Where GDPR applies, the DPA will also be interpreted in accordance with EU data protection law.

Contact Information

If you have questions about this DPA or how your data is processed, please contact us at: Email: [email protected] Address: Attn: Legal, Stackup.ca, 60 Atlantic Ave. Suite 200, Toronto, ON M6K1X9 This DPA forms part of Stackup.ca’s commitment to protecting user privacy and ensuring compliance with Canadian and international data protection standards.

New Rogers Mobile Plans with Massive Data and Roaming

The Best Prepaid and Pay-as-You-Go Phone Plans in Canada

Best TV and Internet Bundles in Canada

What Is IPTV and How Much Does It Cost in Canada?

Is IPTV Legal in Canada?

Best Rural Internet Providers in Canada: 5 Best Options for Remote Communities

How Much Does Netflix Cost in Canada?

Best Starlink Alternatives in Canada

Freedom Mobile Customer Service and Freedom Mobile Self Serve

Koodo Customer Service and Koodo Self Serve: The Complete Guide

Best Seniors Internet in Canada: Affordable and Reliable Options

Best Internet for Students in Canada

Data Processing Agreement (DPA)