The Future of Business Brokerage is Here

(307) 429-2322

(307) 429-2322

  • Home
  • Comprehensive Tools
  • About
  • FAQ
  • Contact
  • More
    • Home
    • Comprehensive Tools
    • About
    • FAQ
    • Contact
  • Home
  • Comprehensive Tools
  • About
  • FAQ
  • Contact

Data Processing Agreement

This Data Processing Agreement (“Agreement”) is entered into between Elite Business Exchange, a subsidiary of CNH Holdings Inc. (“Company,” “we,” “us,” or “our”), and the Customer or Partner (“Controller”) who utilizes our platform and services. This Agreement outlines the roles, responsibilities, and obligations of both parties when handling, storing, and processing personal data to ensure compliance with applicable data protection laws, including the **California Consumer Privacy Act (CCPA)** and **California Privacy Rights Act (CPRA)**, as well as other U.S. data protection regulations.


1. Definitions

  • Personal Data: Information that relates to an identified or identifiable individual, including but not limited to, names, email addresses, IP addresses, and other identifiers.
  • Processing: Any operation or set of operations performed on Personal Data, such as collection, storage, use, dissemination, or deletion.
  • Service Provider: A legal entity that processes Personal Data on behalf of the Controller, in compliance with the CCPA and CPRA.


2. Scope of Agreement

This Agreement covers all data processing activities involving Personal Data that are provided by the Controller to the Company for the provision of services. The scope includes, but is not limited to:

  • Collection and storage of Personal Data.
  • Processing of Personal Data for operational and support purposes.
  • Use of Personal Data in analytical tools and reporting.
  • Transfer of Personal Data to third-party service providers (sub-processors) as outlined in this Agreement.


3. Compliance with Laws

The Company agrees to process Personal Data in compliance with all applicable data protection laws, including the CCPA and CPRA. For the purposes of California law, the Company shall:

  • Ensure that any collection, retention, use, or disclosure of Personal Data is for the purposes specified in this Agreement.
  • Notify the Controller if there is any data breach, unauthorized access, or other security incident affecting Personal Data.
  • Implement appropriate technical and organizational measures to protect Personal Data from unauthorized access, use, or disclosure.

In accordance with the CPRA, if the Company engages a sub-processor, it must enter into a contract that meets CPRA requirements and allow ongoing compliance monitoring through assessments or audits at least once every twelve months [[❞]](https://www.aalrr.com/Business-Law-Journal/preparing-for-the-cpra-part-3-new-contractual-requirements).


4. Roles and Responsibilities

  • Controller: The Controller determines the purposes and means of processing Personal Data and provides instructions to the Company for the proper handling of the data.
  • Processor (Company): The Company processes Personal Data solely on the Controller’s instructions and implements appropriate safeguards to ensure data security. The Company shall not sell or share Personal Data without written consent from the Controller.
  • Sub-Processors: The Company will ensure that any sub-processors engaged in processing Personal Data on its behalf comply with equivalent obligations outlined in this Agreement. All sub-processors must sign a written contract and be subject to regular compliance checks [[❞]](https://www.afslaw.com/perspectives/alerts/ccpa-data-processing-agreements-vendors-considerations-ready-made-forms).


5. Data Security Measures

The Company shall implement the following security measures:

  • Data encryption in transit and at rest.
  • Access controls to limit data access to authorized personnel only.
  • Regular vulnerability assessments and risk management.
  • Training for personnel handling Personal Data in accordance with the CPRA requirements [[❞]](https://secureprivacy.ai/blog/ccpa-compliance-2024-secure-privacy-updates-guidelines).


6. Data Subject Rights

Under the CCPA, individuals have specific rights concerning their Personal Data. The Company agrees to support the Controller in fulfilling these rights, including:

  • The right to access, correct, or delete Personal Data.
  • The right to opt-out of the sale or sharing of Personal Data.
  • The right to limit the use and disclosure of sensitive Personal Data.

Requests from individuals must be communicated to the Controller within 10 business days, and the Company will assist in processing these requests promptly.


7. Transfer of Personal Data

Any transfer of Personal Data to sub-processors or third parties shall be conducted in accordance with applicable laws. The Company must ensure that third-party recipients comply with the CCPA and CPRA by signing a data processing addendum or equivalent legal agreement.


8. Termination and Data Retention

Upon termination of the Agreement, the Company shall:

  • Return or delete all Personal Data in its possession.
  • Provide certification of the deletion or return of data.
  • Retain Personal Data only as required for compliance with applicable legal obligations.


9. Liability and Indemnity

Both parties agree to indemnify and hold each other harmless against any claims, losses, or damages arising out of non-compliance with this Agreement. The Controller shall remain responsible for the accuracy and legality of Personal Data provided to the Company.


10. California-Specific Provisions

This Agreement complies with the CCPA and CPRA by:

  1. Prohibiting the sale of Personal Data without explicit instructions from the Controller.
  2. Ensuring that Personal Data is used only for the purposes outlined in this Agreement.
  3. Enabling consumers to exercise their rights through opt-out mechanisms, data access requests, and other privacy controls as required by California law [[❞]](https://www.afslaw.com/perspectives/alerts/ccpa-data-processing-agreements-vendors-considerations-ready-made-forms).


11. Amendments and Updates

The Company reserves the right to amend this Agreement to reflect changes in data protection laws or service offerings. The Controller will be notified of any changes and may terminate this Agreement if the updated terms are not acceptable.


12. Governing Law and Jurisdiction

This Agreement is governed by the laws of the state of California. Any disputes arising out of or in connection with this Agreement shall be resolved through binding arbitration in the state of California.


Contact Information

If you have any questions or concerns regarding this Agreement, please contact:

Elite Business Exchange 

A subsidiary of CNH Holdings Inc.  

541 Locust Street

Lebanon, Missouri 65536

admin@elitebusinessexchange.com

417-895-0143

This Agreement ensures compliance with all applicable data privacy regulations and demonstrates our commitment to protecting consumer data while offering high-quality business services. Let me know if there are any adjustments or additional sections you would like to include!


Copyright © 2025 Elite Business Exchange - All Rights Reserved.

  • Comprehensive Tools
  • About
  • Privacy Policy
  • Terms of Use
  • Performance Disclaimer
  • Cookie Policy
  • Data Processing Agreement
  • Refund Policy
  • Inner Circle Agreement
  • Valuation Disclaimer
  • Contact

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept