Contracts & Agreements

Every professional relationship in GDPR4All is underpinned by a formal agreement. Whether you are a client subscribing to the platform, a reseller partnering with GDPR4All to serve your own customers, or a reseller generating service agreements for your client organisations, the Contracts module ensures that every agreement is clearly documented, digitally signed, and independently verifiable.

Viewing Your Service Agreement

Your service agreement is the contract that governs your use of the GDPR4All platform. It sets out the terms of service, the scope of features included, your obligations as a user, data processing terms, and the rights and responsibilities of both parties.

Accessing Your Agreement

To view your current service agreement:

1. Navigate to Settings > Contracts (or the contracts section of your account).
2. Your active agreement is displayed with key details:
   • Agreement title — the formal name of the contract (e.g., "GDPR4All Service Agreement" or "Platform Partnership Agreement").
   • Parties — the contracting parties (your organisation and GDPR4All, or your organisation and your reseller).
   • Effective date — when the agreement came into force.
   • Expiry or renewal date — when the agreement expires or is due for renewal.
   • Status — whether the agreement is draft, pending signature, active, or expired.

Agreement Content

The full text of the agreement is available within the platform. You can read through every clause, including:

• Service description — what the platform provides and what is included in your subscription.
• Data processing terms — how GDPR4All processes personal data on your behalf, acting as a processor under Article 28.
• Security measures — the technical and organisational measures in place to protect your data.
• Liability and indemnification — the responsibilities of each party in the event of a breach or dispute.
• Termination — the conditions under which either party can end the agreement.

Digital Signature Process

GDPR4All uses a secure digital signature process that allows you to sign agreements electronically without the need for printing, scanning, or posting physical documents.

How to Sign

When a new agreement is presented to you (either at registration or when terms are updated):

1. Review the agreement — read through the full text carefully. Pay particular attention to the data processing terms and your obligations.
2. Confirm your identity — the platform verifies that you are the authorised signatory for your organisation (typically the Client Admin or an authorised representative).
3. Apply your signature — click the Sign button to apply your digital signature. This records:
   • Your name and role.
   • The date and time of signing.
   • Your IP address (for verification purposes).
   • A unique signature identifier.
4. Receive confirmation — once signed, you receive a confirmation and the agreement status changes to Active.

Signature Validity

Digital signatures in GDPR4All are legally binding under the eIDAS Regulation (EU) and the Electronic Communications Act 2000 (UK). They carry the same legal weight as a handwritten signature for the purposes of the service agreement.

Each signature is cryptographically linked to the document content, meaning that any subsequent modification to the agreement would invalidate the signature — providing tamper-evidence and integrity assurance.

PDF Download

Once an agreement is signed, you can download a PDF copy for your records.

Downloading Your Agreement

1. Navigate to Settings > Contracts.
2. Click Download PDF next to the agreement you wish to save.
3. The downloaded PDF includes:
   • The full text of the agreement.
   • A signature page showing all parties' signatures, dates, and signature identifiers.
   • A verification section with details on how to independently verify the document's integrity.

Using Downloaded PDFs

The PDF is a complete, self-contained record of the agreement. You can:

• Store it in your organisation's document management system.
• Share it with your legal team, auditors, or supervisory authorities.
• Use it as evidence of your contractual arrangements in the event of a dispute.
• Archive it alongside your other GDPR compliance documentation.

Blockchain Verification

GDPR4All uses blockchain technology to provide an independent, tamper-proof verification of document integrity. This means that anyone can verify that a signed agreement has not been altered since it was signed — without relying on GDPR4All or any other party.

How It Works

When an agreement is signed:

1. A cryptographic hash (a unique digital fingerprint) of the document is calculated.
2. This hash is recorded on a public blockchain, creating an immutable, timestamped record.
3. The transaction reference is stored alongside the agreement in GDPR4All.

Verifying a Document

To verify that a signed agreement is authentic and unaltered:

1. Navigate to the agreement in Settings > Contracts.
2. Click Verify Integrity (or use the verification link in the downloaded PDF).
3. The platform recalculates the document hash and compares it against the blockchain record.
4. If the hashes match, the document is verified as authentic — it has not been modified since it was signed.
5. If the hashes do not match, the document has been altered and the verification fails.

Why Blockchain Verification Matters

Traditional digital signatures prove that a specific person signed a document, but they can be challenged if the document itself has been modified after signing. Blockchain verification adds an independent layer of assurance:

• Immutability — once a hash is recorded on the blockchain, it cannot be altered or deleted.
• Independence — the blockchain record exists independently of GDPR4All. Even if the platform were to cease operating, the blockchain record would remain.
• Transparency — anyone with the transaction reference can independently verify the document hash against the blockchain.
• Timestamping — the blockchain transaction provides an independent timestamp, proving when the document was signed.

This is particularly valuable for regulatory compliance. If a supervisory authority questions the authenticity of a service agreement or data processing terms, blockchain verification provides indisputable proof of the document's integrity.

Contracts for Resellers

Resellers have a dual role in the contracts framework: they are signatories to their own partnership agreement with GDPR4All, and they generate service agreements for their client organisations.

Platform Partnership Agreement

When you become a GDPR4All reseller, you sign a Platform Partnership Agreement that governs your relationship with the platform. This agreement covers:

• Reseller rights and obligations — what you are authorised to do, how you may represent the platform, and your responsibilities to your clients.
• Commercial terms — wholesale pricing, commission structures, and payment terms.
• Data processing terms — how data flows between GDPR4All, your organisation, and your clients.
• Service level commitments — uptime guarantees, support response times, and escalation procedures.
• Termination — conditions for ending the partnership, including data portability and client transition provisions.

The partnership agreement is signed using the same digital signature process and verified via blockchain, just like client agreements.

Generating Client Service Agreements

As a Reseller Admin, you can generate service agreements for your client organisations directly from the platform:

1. Navigate to your Reseller Dashboard > Contracts or the specific client's profile.
2. Click Generate Agreement.
3. The platform creates a service agreement based on your partnership terms, customised for the specific client:
   • Client organisation name and details.
   • Pricing terms as configured in your client pricing settings.
   • Service scope based on the modules and features included in the client's plan.
   • Data processing terms appropriate to the client's jurisdiction and processing activities.
4. Review and customise — review the generated agreement and make any necessary adjustments.
5. Send for signature — send the agreement to the client's Client Admin for review and signature.
6. The client reviews and signs the agreement using the same digital signature process.
7. Both parties receive a signed copy, and the agreement is verified on the blockchain.

Managing Client Agreements

From the reseller dashboard, you can:

• View the status of all client agreements (draft, pending signature, active, expired).
• Track which clients have signed and which are pending.
• Generate renewal agreements when existing contracts approach their expiry date.
• Download PDF copies of any agreement for your records.

Tips for Contract Management

• Read before you sign — this may seem obvious, but always read the full agreement before applying your digital signature. Pay particular attention to data processing terms, as these directly affect your GDPR compliance.
• Download and store PDF copies — while GDPR4All retains your agreements, maintaining your own copies is good practice. Store them in a secure, backed-up location.
• Verify integrity periodically — use the blockchain verification feature to confirm that your agreements remain unaltered, especially before audits or regulatory enquiries.
• Track expiry dates — service agreements may have fixed terms. Set reminders to review and renew agreements before they expire to avoid gaps in your contractual coverage.
• For resellers: standardise your client agreements — while each client agreement can be customised, maintaining a consistent template ensures that your legal obligations are clear and manageable across your entire client portfolio.
• Keep agreements aligned with billing — your service agreement and your billing terms should be consistent. If pricing changes, ensure the agreement is updated to reflect the new terms.

Contracts in GDPR4All are more than administrative paperwork. They are legally binding, independently verifiable records that demonstrate the formal basis of your GDPR compliance programme and the relationships that support it.