Data Privacy and Security Addendum (DPSA) requirements:
The Data Privacy and Security Addendum (DPSA) is part of the contract document that forms the contractual relationship between controller and processor for data protection. It is also used for joint controller engagements. Carnival Corporation uses this document globally, so there are optional sections that are required for European contracts.
- Processes personal data (frequently known as PII) or Carnival confidential information
- Requires connectivity or access to Carnival network or applications
- Utilizes cloud-based services (must comply with the Cloud Computing policy)
The DPSA replaces the CPIP, which was used until August 1, 2019.
Click here to view and download DPSA
Click here to view and download the Security and Privacy Requirements