Home / DPA

Data processing agreement.

Fydis negotiates DPAs directly with each customer. Here is how to request yours.

ABR Labs Pty Ltd (ABN 36 693 095 911) does not publish a standard DPA publicly. Each customer's data processing obligations are specific to their regulatory context, the categories of personal information in their Customer Data, and any applicable sector requirements (for example, the Australian Prudential Regulation Authority's CPS 234 for financial services customers). A one-size template would misrepresent those obligations.

Procurement and legal teams can request a redlined DPA by emailing hello@abrlabs.io with the subject line "DPA Request" and a brief description of your organisation's data categories and applicable frameworks. ABR Labs will return a draft within 48 business hours.

Request a DPA

What the DPA covers

The ABR Labs DPA addresses the following topics at minimum:

  • Categories and scope of personal information processed.
  • Processing purposes and legal basis under the Privacy Act 1988 (Cth) and applicable APPs.
  • Sub-processor list and notification obligations.
  • Data residency commitments (AWS ap-southeast-2, Sydney).
  • Security measures and incident notification timelines.
  • Data subject rights and how ABR Labs assists the Customer in meeting them.
  • Audit rights and evidence of compliance.
  • Data return and deletion on termination.

Customers subject to the GDPR or UK GDPR may request standard contractual clauses (SCCs) as an addendum.