Data Processing

Data Processing Agreement

GDPR, CCPA & HIPAA Compliant

Last updated: October 14, 2025

1. Definitions

Controller

The client that determines purposes and means of processing

Processor

Juris LPO, processing data on behalf of Controller

Personal Data

Any information relating to an identified person

Processing

Any operation performed on personal data

Data Subject

An identified or identifiable natural person

Sub-processor

Third party engaged to process personal data

2. Scope and Applicability

This DPA applies to all processing of personal data by Juris LPO on behalf of the Controller in connection with legal process outsourcing services.

GDPR

Compliant

CCPA

Compliant

HIPAA

Compliant

SOC-2

Compliant

3. Processor Obligations

Juris LPO shall:

Process personal data only on documented instructions from the Controller

Ensure personnel confidentiality commitments

Implement appropriate technical and organizational security measures

Engage sub-processors only with prior written authorization

Assist the Controller in responding to data subject requests

Assist in ensuring compliance with data protection obligations

Delete or return all personal data upon service termination

Provide information to demonstrate compliance with this DPA

5. Security Measures

Technical Measures

🔐AES-256 encryption (transit & rest)

🏢Secure U.S. data centers

🔑Multi-factor authentication

🔄Regular security updates

🛡️Firewall & intrusion detection

📡Secure file transfer (SFTP/HTTPS)

Organizational Measures

✓SOC-2 Type II certification

✓HIPAA compliance protocols

✓GDPR compliance procedures

✓Role-based access control

✓Employee confidentiality agreements

✓Regular security training

✓Data breach response plan

✓Regular security audits

7. Data Subject Rights

Juris LPO shall assist the Controller in fulfilling data subject rights requests:

Right of Access

Right to Rectification

Right to Erasure

Restriction of Processing

Data Portability

Right to Object

Response Time: All data subject requests forwarded to Controller within 2 business days

8. Data Breach Notification

24 Hours

Maximum notification time after breach detection

In the event of a breach, we will:

→Provide detailed description of the breach

→Identify affected data categories and subjects

→Describe likely consequences

→Outline mitigation measures

→Cooperate fully in investigation

9. International Data Transfers

Personal data may be transferred between the United States and India with full compliance:

🇺🇸 United States

Primary data center location

🇮🇳 India

Processing center with SCCs

✓Standard Contractual Clauses (SCCs) approved by EU Commission

✓Adequate security measures per GDPR requirements

✓Data localization in U.S. when required

12. Liability and Insurance

📋

Professional Liability (E&O)

✓ Active Coverage

💻

Cyber Liability Insurance

✓ Active Coverage

🛡️

General Liability Insurance

✓ Active Coverage

👥

Fidelity/Employee Bond

✓ Active Coverage

16. Contact for Data Protection Matters

For all data protection inquiries, please contact our Data Protection Officer:

Data Protection Officer

Juris LPO

Email: contact@jurislpo.com

Address: First Floor Office No. 204, H-196, Sector 63, Gautam Budh Nagar, U.P. 201309