Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the agreement between FactoryFollow ("Data Processor") and our users ("Data Controller") for the processing of personal data in accordance with applicable data protection laws. This DPA reflects the parties' agreement with regard to the processing of personal data.
This DPA is incorporated into and forms an integral part of FactoryFollow's Terms of Service and Privacy Policy. By using FactoryFollow's services, you agree to the terms of this DPA.
For the purposes of this DPA, the following terms shall have the meanings set out below:
This agreement applies to personal data processed through the FactoryFollow platform. The scope includes:
- Personal data provided by users during account registration and profile creation
- Business contact information exchanged between buyers and factories
- Communication data within the FactoryFollow messaging system
- Transactional data related to sample requests and orders
- Technical data such as IP addresses, device information, and usage analytics
This DPA does not apply to personal data processed outside the FactoryFollow platform or to anonymized data that cannot be associated with an identifiable individual.
FactoryFollow processes personal data in accordance with the following fundamental principles of data protection:
Lawfulness, Fairness, and Transparency
Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Purpose Limitation
Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimization
Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Security and Confidentiality
Personal data is processed in a manner that ensures appropriate security and confidentiality, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
In addition to these principles, FactoryFollow also adheres to the principles of accuracy, storage limitation, and integrity of personal data processing.
User Responsibilities
Users are responsible for ensuring they have lawful rights to share any personal data submitted to the platform. This includes obtaining necessary consents where required and ensuring that personal data shared with FactoryFollow complies with applicable data protection laws.
As Data Controllers, users must:
- Only share personal data that they have the legal right to process
- Obtain valid consent from data subjects when required by law
- Implement appropriate technical and organizational measures to protect personal data
- Respond to data subject requests in accordance with applicable laws
- Notify FactoryFollow of any changes to personal data processing that may affect this agreement
FactoryFollow implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Regular backups and disaster recovery procedures
- Employee training on data protection and security
- Incident response and breach notification procedures
FactoryFollow may transfer personal data to countries outside the European Economic Area (EEA) or other jurisdictions with adequate data protection laws. Such transfers are conducted in compliance with applicable data protection laws, including:
- Standard Contractual Clauses approved by the European Commission
- Privacy Shield Framework (where applicable)
- Other appropriate safeguards as required by law
Users will be notified of any changes to data transfer mechanisms that may affect the processing of their personal data.
FactoryFollow may engage sub-processors to assist in providing our services. All sub-processors are subject to contractual obligations that provide the same level of data protection as set out in this DPA. FactoryFollow remains responsible for the acts and omissions of its sub-processors.
A current list of sub-processors is available upon request and will be updated as changes occur.
FactoryFollow assists Data Controllers in fulfilling their obligations to respond to data subject requests under applicable data protection laws. Users may exercise their data subject rights by contacting us at the address provided below.
Data subjects have the right to:
- Access their personal data
- Rectify inaccurate personal data
- Erase personal data ("right to be forgotten")
- Restrict processing of personal data
- Request data portability
- Object to processing of personal data
- Not be subject to automated decision-making
This DPA becomes effective upon acceptance of FactoryFollow's Terms of Service and continues until termination of the user's account or services.
Upon termination, FactoryFollow will, at the user's choice, delete or return all personal data to the user, and delete existing copies unless applicable law requires storage of the personal data.
Frequently Asked Questions
What laws does this DPA comply with?
This DPA is designed to comply with:
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA) and CPRA
- UK Data Protection Act 2018 and UK GDPR
- Brazil's General Data Protection Law (LGPD)
- Other applicable international data protection laws
FactoryFollow continuously monitors changes in data protection laws and updates this DPA as necessary to maintain compliance.
How long does FactoryFollow retain personal data?
FactoryFollow retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specific retention periods vary based on:
- The type of personal data
- The purpose of processing
- Legal requirements for data retention
- User account status and activity
Detailed information about specific retention periods is available in our Privacy Policy.
What happens in case of a data breach?
FactoryFollow has established procedures for responding to data breaches, including:
- Immediate investigation and containment of the breach
- Assessment of the risk to individuals' rights and freedoms
- Notification to affected users and relevant authorities as required by law
- Implementation of measures to prevent future breaches
In the event of a data breach affecting user data, FactoryFollow will notify affected users without undue delay and provide information about the nature of the breach, categories of data affected, and recommended protective measures.
Can I request a copy of my data?
Yes, data subjects have the right to request access to their personal data processed by FactoryFollow. To exercise this right:
- Submit a data access request through your account settings
- Contact our Data Protection Officer at the address below
- Provide sufficient information to verify your identity
FactoryFollow will respond to data subject requests within the timeframe required by applicable law, typically within 30 days.
For Further Information
If you have questions about this Data Processing Agreement or how FactoryFollow handles personal data, please contact us using one of the methods below.