Skip to content

Data Processing Agreement

Last Updated: September 25, 2025

1. Parties

This Data Processing Agreement (“DPA”) forms part of the Terms of Service or other agreement (“Agreement”) between Context Digital Consulting (“Processor”, “we”, “us”, or “our”) and the customer entering into the Agreement (“Controller”, “you”, or “your”).

2. Purpose and Scope

This DPA governs our processing of personal data on your behalf in connection with the Services. The parties agree to comply with applicable privacy laws, including PIPEDA, the GDPR (if personal data of EU residents is processed), and CASL (for commercial electronic messages in Canada).

3. Roles of the Parties

  • Controller: You determine the purposes and means of processing personal data.
  • Processor: We process personal data solely on your documented instructions.

4. Processing Instructions

We will process personal data only:

  • To provide and improve the Services;
  • In accordance with your documented instructions; and
  • As required by law.

If we are required by law to process data other than on your instructions, we will inform you unless prohibited by law.

5. Confidentiality

All persons authorized to process personal data on our behalf will be bound by confidentiality obligations.

6. Security Measures

We implement appropriate technical and organizational measures to protect personal data, which include:

  • Encryption in transit and at rest;
  • Multi-factor authentication for administrative access;
  • Regular backups and secure storage; and
  • System logging and monitoring.

7. Subprocessors

You authorize our use of the following subprocessors:

  • Microsoft Azure
  • Amazon Web Services (AWS)
  • MongoDB Atlas
  • BigMailer or Sendy
  • Duda
  • WPMUDEV
  • Google Workspace or Microsoft 365

We will impose equivalent data protection obligations on subprocessors, remain responsible for their performance, and maintain a current list of subprocessors on request.

8. Data Subject Rights

We will assist you, at your request, in fulfilling obligations to respond to data subject rights requests (e.g., access, rectification, deletion, portability) as applicable under law.

9. Breach Notification

If we become aware of a personal data breach affecting your data, we will notify you without undue delay and provide information reasonably required for you to comply with breach notification obligations under applicable law.

10. International Transfers

Where personal data is transferred outside of Canada, we will ensure adequate protections are in place, such as Standard Contractual Clauses or other legally recognized transfer mechanisms where required.

11. Audit Rights

Upon reasonable notice, you may request information about our compliance with this DPA. We may satisfy audit requests through independent certifications, third-party reports, or questionnaires.

12. Return or Deletion of Data

Upon termination or expiration of the Agreement, we will, at your choice, return all personal data to you or securely delete all such data, unless retention is required by applicable law.

13. Liability

Our liability under this DPA is subject to the limitations of liability set out in the Agreement between the parties.

14. Governing Law

This DPA is governed by the laws of the Province of Alberta and the federal laws of Canada applicable therein.

15. Contact

For questions or notices related to this DPA, please contact: [email protected].