Name
Email
You have been subscribed successfully!
There has been some error while submitting the form. Please verify all form fields again.

Data Processing Agreement

Data Processing Agreement (DPA)

Between

Bluez Innovations LLC (“Processor,” “Company,” “we,” “us,” or “our”)

17350 State Hwy 249, Ste 220 #25927

Houston, TX 77064, USA

And

The Client (“Controller,” “you,” “your”) engaging specific services from Bluez Innovations LLC via bluezglobal.com where the Company acts as a Data Processor.

Effective Date: Date of acceptance of applicable Service Agreement incorporating this DPA.

Last Updated: April 10, 2025

Table Of Contents
  1. 1. Introduction and Scope
  2. 2. Definitions
  3. 3. Details of Processing
  4. 4. Obligations of the Processor (Bluez Innovations LLC)
  5. 5. Obligations of the Controller (Client)
  6. 6. Sub-processors
  7. 7. Data Security
  8. 8. Data Subject Rights
  9. 9. International Data Transfers
  10. 10. Term and Termination
  11. 11. Limitation of Liability
  12. 12. Governing Law
  13. 13. Contact Information

1. Introduction and Scope

This Data Processing Agreement (“DPA”) forms part of the main agreement for services (“Service Agreement”) between Bluez Innovations LLC and the Client.

Applicability: This DPA applies only in circumstances where Bluez Innovations LLC processes Personal Data on behalf of the Client in the role of a Data Processor (as defined below), as specified within a particular Service Agreement or Statement of Work.

Exclusion: This DPA does not apply to the processing of Personal Data for which Bluez Innovations LLC is the Data Controller. This includes, for example, information the Client provides directly to us for account management, billing, communication, or for receiving general guidance services where we determine the means and purposes of processing that data. The processing of such data is governed by our Privacy Policy.

This DPA ensures compliance with applicable data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), where relevant to the processing activities covered hereunder.

2. Definitions

  • “Controller” means the entity that determines the purposes and means of the processing of Personal Data (i.e., the Client).
  • “Processor” means the entity that processes Personal Data on behalf of the Controller (i.e., Bluez Innovations LLC, when acting in this capacity).
  • “Data Subject” means the identified or identifiable natural person to whom Personal Data relates.
  • “Personal Data” means any information relating to a Data Subject that is processed by the Processor on behalf of the Controller as part of providing the specific Services covered by this DPA.
  • “Processing” means any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed by the Processor.
  • “Applicable Data Protection Law” means all laws and regulations applicable to the processing of Personal Data under the Service Agreement, including but not limited to the GDPR and CCPA.
  • “Sub-processor” means any third-party processor engaged by Bluez Innovations LLC to process Personal Data on behalf of the Controller.

3. Details of Processing

  • Subject Matter: The subject matter of the processing is the provision of specific Services by the Processor to the Controller, as defined in the applicable Service Agreement where the Processor acts on behalf of the Controller.
  • Duration: The processing will continue for the duration specified in the Service Agreement, or until the termination of the Service Agreement in accordance with its terms.
  • Nature and Purpose: The nature and purpose of the processing will be limited to that necessary to provide the specific Services outlined in the Service Agreement (e.g., managing the Controller’s customer email list for marketing campaigns, processing data within an automated workflow built for the Controller).
  • Types of Personal Data: The types of Personal Data processed will be determined by the Controller and specified in the Service Agreement (e.g., names, email addresses, contact details of the Controller’s customers or leads).
  • Categories of Data Subjects: The categories of Data Subjects will be determined by the Controller and specified in the Service Agreement (e.g., customers, potential customers, employees of the Controller).

4. Obligations of the Processor (Bluez Innovations LLC)

When acting as a Processor under this DPA, Bluez Innovations LLC shall:

  • a) Process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The Service Agreement constitutes the Controller’s initial instructions.
  • b) Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • c) Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
  • d) Respect the conditions referred to in paragraphs 5 and 6 for engaging another processor (Sub-processor).
  • e) Taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III of the GDPR or similar rights under other Applicable Data Protection Law.
  • f) Assist the Controller in ensuring compliance with obligations pursuant to Articles 32 to 36 of the GDPR (Security, Breach Notification, Data Protection Impact Assessment, Prior Consultation), taking into account the nature of processing and the information available to the Processor.
  • g) At the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data.
  • h) Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller (subject to reasonable notice and confidentiality obligations).
  • i) Notify the Controller without undue delay after becoming aware of a Personal Data Breach.

5. Obligations of the Controller (Client)

The Controller represents and warrants that:

  • a) It has complied and will continue to comply with all Applicable Data Protection Law in its collection and provision of Personal Data to the Processor.
  • b) It has a lawful basis for the processing of Personal Data by the Processor as contemplated by the Service Agreement.
  • c) Its instructions to the Processor for the processing of Personal Data shall comply with Applicable Data Protection Law.

6. Sub-processors

  • a) The Controller provides a general authorization for the Processor to engage Sub-processors to assist in providing the Services.
  • b) The Processor shall maintain a list of Sub-processors used for the relevant Services and shall make it available to the Controller upon request.
  • c) The Processor shall inform the Controller of any intended changes concerning the addition or replacement of Sub-processors, thereby giving the Controller the opportunity to object to such changes on reasonable data protection grounds. If the Controller objects, the parties shall discuss the objection in good faith.
  • d) The Processor shall impose data protection obligations upon any Sub-processor that are equivalent to those set out in this DPA, particularly providing sufficient guarantees to implement appropriate technical and organizational measures. The Processor remains fully liable to the Controller for the performance of the Sub-processor’s obligations.

7. Data Security

The Processor shall implement and maintain appropriate technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include encryption, access controls, network security, staff training, and regular security assessments, as appropriate to the risk.

8. Data Subject Rights

If the Processor receives a request directly from a Data Subject regarding their Personal Data processed under this DPA, the Processor will promptly notify the Controller (unless prohibited by law) and will provide reasonable assistance to the Controller in responding to the request, as required by Applicable Data Protection Law. The Controller is primarily responsible for responding to Data Subject requests.

9. International Data Transfers

If the processing of Personal Data under this DPA involves transferring Personal Data outside the European Economic Area (EEA) or other jurisdiction with specific transfer requirements, the Processor shall ensure appropriate safeguards are in place (such as Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms) for such transfers, either directly or through its Sub-processors.

10. Term and Termination

This DPA shall commence on the effective date of the relevant Service Agreement and shall remain in effect until the termination or expiration of that Service Agreement, and thereafter as necessary for the Processor to delete or return Personal Data as instructed by the Controller or as required by law. Termination of the Service Agreement will automatically terminate this DPA with respect to the services provided under that agreement.

11. Limitation of Liability

Each party’s liability arising out of or related to this DPA (whether in contract, tort, or under any other theory of liability) is subject to the limitations and exclusions set forth in the main Service Agreement. Nothing in this DPA is intended to limit liability that cannot be limited by law.

12. Governing Law

This DPA shall be governed by and construed in accordance with the laws governing the main Service Agreement (i.e., the laws of the State of Texas, USA, as specified in the Terms of Service), unless otherwise required by mandatory provisions of Applicable Data Protection Law (such as the GDPR).

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact Bluez Innovations LLC via the bluezglobal.com channels:

US Office / Registered Address:

Bluez Innovations LLC

17350 State Hwy 249, Ste 220 #25927

Houston, TX 77064, USA

📧 Email: US@BluezGlobal.com

📞 Phone: +1 (832) 702-2225

India Office:

📧 Email: hello@BluezGlobal.com

📞 Phone: +91 95609 44537

📍 Mohali, Punjab, India – 160055

Singapore Office (Coming Soon):

📧 Email: SG@bluezglobal.com

We will endeavor to respond to your inquiries promptly.

General Inquiries:

📧 Email: hello@BluezGlobal.com

Scroll to Top