1. Parties: Identification of the Data Controller and Data Processor, including full legal names, registration details, and addresses
2. Background: Context of the agreement, relationship between parties, and purpose of the data processing arrangement
3. Definitions: Key terms used in the agreement, including those from GDPR Article 4 and additional contract-specific terms
4. Scope and Purpose of Processing: Detailed description of what personal data will be processed and for what specific purposes
5. Duration of Processing: Term of the processing activities and agreement, including start date and termination provisions
6. Nature and Purpose of Processing: Specific details about how the data will be processed and the legitimate basis for processing
7. Obligations of the Processor: Core processor obligations under GDPR Article 28, including processing only on documented instructions
8. Obligations of the Controller: Controller's responsibilities, including providing documented instructions and ensuring legal basis for processing
9. Confidentiality: Confidentiality obligations for processor and their personnel handling the data
10. Technical and Organizational Measures: Security measures required under GDPR Article 32
11. Sub-processing: Conditions and requirements for engaging sub-processors
12. Data Subject Rights: Processor's obligations to assist controller in responding to data subject requests
13. Data Breach Notification: Procedures and timeframes for notifying controller of any personal data breaches
14. Audit Rights: Controller's rights to audit and processor's obligations to contribute to audits
15. Data Return and Deletion: Obligations regarding data handling upon termination of services
16. Liability and Indemnification: Allocation of liability and indemnification obligations between parties
17. Governing Law and Jurisdiction: Specification of Austrian law as governing law and jurisdiction for disputes
