Start a project
DTN/Legal/Data Processing Agreement
Legal

Data Processing Agreement

Last updated: April 2026

This Data Processing Agreement ("DPA") supplements and forms part of the services agreement between DTN ECOM CO., LTD ("DTN", "Processor") and the Customer ("Controller") relating to processing of personal data on the Controller's behalf.

1. Subject matter

DTN processes personal data only on documented instructions from the Controller and for the purposes set out in the services agreement.

2. Duration & scope

Processing lasts for the term of the services agreement plus any deletion/return period. The categories of data and data subjects are those defined in the engagement Statement of Work.

3. Security measures

DTN implements appropriate technical and organisational measures including: encryption in transit and at rest, access controls, logging and monitoring, secure SDLC, staff training, regular penetration testing, and incident response procedures aligned to ISO 27001 / SOC 2 controls.

4. Sub-processors

The Controller provides general authorisation for DTN to engage sub-processors, subject to: (a) prior notice, (b) binding equivalent data-protection terms on the sub-processor, (c) the Controller's right to object on reasonable grounds. A current list is available on request.

5. Data subject rights

DTN will assist the Controller in responding to data-subject requests, including access, rectification, erasure, restriction, portability and objection.

6. Breach notification

DTN will notify the Controller without undue delay (and in any event within 48 hours) of becoming aware of a personal-data breach, and cooperate in investigation and remediation.

7. International transfers

Where personal data is transferred across borders, the parties will rely on Standard Contractual Clauses or another valid transfer mechanism.

8. Audit

The Controller may, upon reasonable notice and no more than once per year, audit DTN's compliance with this DPA. DTN may meet audit obligations by providing recent third-party certifications and audit reports.

9. Return & deletion

At the end of the engagement, DTN will return or securely delete personal data as directed by the Controller, unless retention is required by law.

10. Contact

DPA enquiries: dpa@dtn.com.vn.