Data Processing Agreement
Last updated: January 2025
Overview
This Data Processing Agreement ("DPA") forms part of the agreement between Monument and our customers for the provision of our services. This DPA reflects the parties' agreement with respect to the processing of personal data in accordance with applicable data protection laws.
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person that is processed by Monument on behalf of the Customer in connection with the services.
2. Data Processing
Monument will process Personal Data only on documented instructions from the Customer, unless required to do so by applicable law. Monument will ensure that persons authorized to process Personal Data have committed themselves to confidentiality.
3. Security Measures
Monument will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security testing.
4. Sub-processors
Monument may engage sub-processors to assist in providing the services. A list of current sub-processors is available upon request. Monument will notify customers of any changes to sub-processors.
5. Data Subject Rights
Monument will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws.
Request a DPA
To request a signed Data Processing Agreement for your organization, please contact our legal team.
Contact
For questions about this DPA, please contact us at legal@monument.so.