{ "$defs": { "Confidentiality": { "description": "Cross-cutting confidentiality classification used across privacy,\nsecurity, knowledge, IR pillars. Default rendering rule: `corpospec-report`\nexcludes `Restricted | BoardOnly | InvestorOnly` records from public output\nunless an explicit audience parameter overrides. See BDR 0076 §1.", "oneOf": [ { "const": "public", "description": "Safe to publish anywhere.", "type": "string" }, { "const": "customer", "description": "Visible to customers under standard ToS.", "type": "string" }, { "const": "internal", "description": "Employees and contractors only.", "type": "string" }, { "const": "restricted", "description": "Need-to-know subset of internal.", "type": "string" }, { "const": "board_only", "description": "Board members and direct staff.", "type": "string" }, { "const": "investor_only", "description": "Existing investors + prospective with NDA.", "type": "string" } ] }, "DpaRecordStatus": { "description": "DPA lifecycle.", "enum": [ "draft", "in_review", "signed", "active", "terminated", "superseded" ], "type": "string" }, "IsoCountry": { "description": "ISO 3166-1 alpha-2 country code.", "pattern": "^[A-Z]{2}$", "type": "string" }, "IsoDate": { "description": "ISO 8601 date (YYYY-MM-DD).", "format": "date", "type": "string" }, "PathRef": { "description": "Path-based cross-reference relative to .corpospec/ root.\nPattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`", "pattern": "^[a-z0-9_-]+(/[a-z0-9_.-]+)+$", "type": "string" }, "Subprocessor": { "description": "One contracted sub-processor.", "properties": { "flow_down_dpa_ref": { "anyOf": [ { "$ref": "#/$defs/PathRef" }, { "type": "null" } ], "description": "PathRef into the flow-down DPA." }, "jurisdiction": { "$ref": "#/$defs/IsoCountry" }, "name": { "type": "string" }, "onboarded_at": { "$ref": "#/$defs/IsoDate" }, "purpose": { "description": "Purpose for engagement.", "type": "string" } }, "required": [ "name", "jurisdiction", "purpose", "onboarded_at" ], "type": "object" }, "SubprocessorAuthorisation": { "description": "Sub-processor authorisation regime.", "oneOf": [ { "const": "specific", "description": "Specific authorisation per sub-processor (Art. 28(2) opt-in).", "type": "string" }, { "const": "general_with_objection", "description": "General authorisation with right of objection (Art. 28(2)\nflow).", "type": "string" }, { "const": "none", "description": "No sub-processors authorised.", "type": "string" } ] } }, "$id": "https://corpospec.com/schemas/v0.16.0/dpa.schema.json", "$schema": "https://json-schema.org/draft/2020-12/schema", "additionalProperties": false, "description": "DPA record.", "properties": { "art28_obligations_present": { "description": "Whether the eight Art. 28(3) processor obligations are\ncontractually present (boolean flag; the artefact is the\nauthoritative source).", "type": "boolean" }, "audit_rights": { "description": "Audit rights regime (e.g. \"30-day notice; financial audit\nindependent third party\").", "type": "string" }, "confidentiality": { "$ref": "#/$defs/Confidentiality" }, "controller": { "$ref": "#/$defs/PathRef", "description": "PathRef to controller entity." }, "data_categories": { "description": "Art. 28(3)(c) types of personal data.", "items": { "type": "string" }, "type": "array" }, "duration": { "description": "Art. 28(3)(a) duration (free-form, e.g. \"during master services\nagreement term + 30 days\").", "type": "string" }, "effective_from": { "$ref": "#/$defs/IsoDate" }, "effective_to": { "anyOf": [ { "$ref": "#/$defs/IsoDate" }, { "type": "null" } ] }, "id": { "$ref": "#/$defs/PathRef" }, "nature_and_purpose": { "description": "Art. 28(3)(b) nature and purpose.", "type": "string" }, "processing_record_ref": { "anyOf": [ { "$ref": "#/$defs/PathRef" }, { "type": "null" } ], "description": "Reference to the underlying processing record (Art. 30 ROPA)." }, "processor_jurisdiction": { "$ref": "#/$defs/IsoCountry" }, "processor_name": { "description": "Name of processor (counterparty).", "type": "string" }, "retention_until": { "$ref": "#/$defs/IsoDate", "description": "Retention: 10 years (HGB §257) + 3 years from termination\n(BGB §195)." }, "signed_document": { "anyOf": [ { "$ref": "#/$defs/PathRef" }, { "type": "null" } ], "description": "PathRef to the signed DPA PDF." }, "signed_on": { "$ref": "#/$defs/IsoDate", "description": "Date the DPA was signed." }, "status": { "$ref": "#/$defs/DpaRecordStatus" }, "subject_categories": { "description": "Art. 28(3)(d) categories of data subjects.", "items": { "type": "string" }, "type": "array" }, "subject_matter": { "description": "Art. 28(3)(a) subject matter.", "type": "string" }, "subprocessor_authorisation": { "$ref": "#/$defs/SubprocessorAuthorisation", "description": "Sub-processor authorisation regime (Art. 28(2))." }, "subprocessors": { "items": { "$ref": "#/$defs/Subprocessor" }, "type": "array" }, "transfer_mechanism": { "description": "International transfer instrument (None when not applicable).", "type": [ "string", "null" ] } }, "required": [ "id", "controller", "processor_name", "processor_jurisdiction", "subject_matter", "duration", "nature_and_purpose", "data_categories", "subject_categories", "art28_obligations_present", "subprocessor_authorisation", "subprocessors", "audit_rights", "signed_on", "effective_from", "status", "retention_until", "confidentiality" ], "title": "DataProcessingAgreement", "type": "object", "x-corpospec-pillar": "privacy" }