Frequently Asked Questions
A DPA is an agreement that governs the scope, purpose, and parameters of a data processing relationship. DPAs are generally triggered when one
DPAs typically contain clauses regarding data retention, deletion, disclosure, audit, security, and access responsibilities. Content is influenced—and often mandated—by privacy legislation, most notably the General Data Protection Regulation 95/46/EC. Our DPA also incorporates terms based on the requirements found in the California Consumer Privacy Act of 2019.
From time-to-time, DPAs are updated to reflect new and evolving local and international privacy laws and regulations. We recommend that our partners periodically check this site for a copy of our latest DPA, which may include modified or new terms.
“Processing” is broadly construed to mean performing an operation or set of operations on personal information, such as collecting, recording, altering, using, storing, adapting, and/or disclosing such data.
Any personally-identifiable information that does or could be linked directly or indirectly with a person can be considered personal information or data. For example, personal information could include a name, address, or telephone number.
If a vendor or partner is going to process personal information on Cadence’s behalf, pursuant to Cadence’s instructions, and as part of the vendor’s provision of products and/or services to Cadence under a separate commercial agreement, then we will require the parties to execute a DPA.
Generally, no. Cadence typically does not act as a processor, as that term is construed under applicable privacy legislation, of personal information on behalf of its customers. In rare cases where you require Cadence to act as a processor, please contact the Cadence Legal Team for further guidance.