Data Processing Agreement (DPA)
GRS Global LLC
Roles
For the purposes of data protection:
Client acts as the Data Controller
GRS Global LLC acts as the Data Processor
The Client determines the purpose and scope of data processing, while GRS processes data strictly on behalf of the Client.
Scope of Processing
GRS processes data only:
For the delivery of agreed services
Based on Client instructions and operational requirements
Within defined systems, workflows, and tools
We do not process data beyond what is necessary to perform our services.
Our Commitment
We commit to:
Processing data lawfully and in good faith
Maintaining confidentiality at all times
Limiting access to authorized personnel only
Ensuring data is used strictly for operational purposes
Data is handled with structure, accountability, and purpose.
Security & Data Handling
We implement practical safeguards, including:
Controlled and role-based access
Staff confidentiality agreements
Structured workflows and documented processes
Secure handling of credentials and systems
Our approach focuses on minimizing risk while maintaining operational efficiency.
Subprocessors
GRS may use third-party tools and platforms necessary for service delivery (e.g., marketplaces, CRM systems, automation tools).
All subprocessors are:
Selected based on operational need
Used under confidentiality obligations
Managed with reasonable safeguards
Data Breach Approach
In the event of a data-related issue:
We act promptly to contain the situation
We inform the Client without unnecessary delay
We take corrective action to resolve and prevent recurrence
Our focus is fast response, transparency, and resolution.
Data Retention & Deletion
Upon request or termination of services:
Data may be returned to the Client where applicable
Data may be securely deleted from our systems
Retention may occur only where required for legal or operational reasons