DPA Overview
A public summary of how openCenter handles customer data when acting as a processor.
This page is a trust-facing summary for procurement and security review. It explains the operating model behind a formal data processing agreement rather than replacing one.
Customers that need contractual data protection terms should request the full DPA during procurement or contract negotiation.
Purpose
Clarifies controller and processor roles, data protection commitments, subprocessor governance, and transfer safeguards.
- Primary audience
- Security, legal, compliance, procurement
- Role summary
- Customer is typically controller, openCenter acts as processor for covered service data
- Subprocessors
- Controlled through vendor review and disclosed through the subprocessor list
- Transfer safeguards
- Contractual safeguards expected where cross-border transfers apply
openCenter distinguishes between customer instructions, processor duties, and customer responsibilities in the shared-responsibility model.
Confidentiality, access control, incident response, and vendor governance are core parts of the processing commitment.
A full DPA should be executed when the engagement requires formal processor terms, audit support, or transfer language.
Customer as controller
The customer determines why and how its customer data is processed in the service, subject to the shared operational model.
openCenter as processor
openCenter processes customer data on documented instructions only for the purpose of delivering the subscribed platform or managed service.
Shared responsibility
Customers remain responsible for workload configuration, lawful data collection, and user-facing disclosures that sit outside the openCenter service boundary.
- Use personnel and subprocessors bound by confidentiality and access controls appropriate to the service.
- Implement technical and organizational measures proportionate to the platform and deployment model.
- Assist with data subject requests, breach notifications, and deletion or return obligations as described in the contract.
openCenter uses approved service providers where needed for infrastructure, communications, analytics, or managed operations. Those vendors are reviewed and disclosed through the public or customer-specific subprocessor materials.
Where international data transfers occur, openCenter expects the contract package to include the safeguards required by applicable law, including standard contractual clauses or an equivalent lawful mechanism where relevant.