publix work from home jobs, publix remote jobs, publix data entry jobs

Full Time09-Jul-2026
Overview

This Data Processing Addendum (“DPA”) is entered into between Publix Super Markets, Inc., a Florida corporation, having its principal place of business at 3300 Publix Corporate Parkway, Lakeland FL 33811-3311 (together with its subsidiaries and affiliates referred to below as “Publix”) and the entity named in the Agreement, including all subsidiaries and affiliates (“Vendor”) (each as “Party”; collectively; the “Parties”) and effective as of the date of last signature below.

WHEREAS, the Parties have entered into or may in the future enter into one or more agreements (collectively, the “Agreement” for the provision of certain products or services (the “Services”) by Vendor to Publix;

WHEREAS, the Parties have agreed that, in connection with the provision of the Services, Vendor may be provided with, use, store, process, access, or otherwise receive Personal Data (as such term is defined below) from or on behalf of Publix;

IN CONSIDERATION OF mutual covenants and agreements set forth below, the Parties, intending to be legally bound, hereby agree as follows:

1. Definitions.

1.1.1 “Authorized Users” mean those employees, contractors, or agents of Vendor who are authorized to access Protected Information to perform the Services.

1.1.2 “Data Subject” means an identified or identifiable person to whom Publix Personal Data relates.

1.1.3 “Data Subject Request” means a request from a Data Subject seeking to exercise a right related to their Personal Data, either pursuant to Data Protection Laws or Publix’s privacy policy (including requests to exercise any right of access, deletion, correction, opt-out of certain disclosures, or restriction of processing).

1.1.4 “Data Protection Laws” means all applicable laws, rules, regulations, orders, or regulatory guidance relating to data security, data protection, and/or privacy.

1.1.5 “Personal Data” means any information that identifies, relates to, describes, or can be reasonably linked to a person, a household, or a person’s device.

1.1.6 “Process” and variations thereof (e.g., “Processing”) means any operation or set of operations that are performed on Personal Data and includes, without limitation, the collection, use, storage, disclosure, analysis, deletion, modification, and deidentification of Personal Data.

1.1.7 “Protected Information” means any and all data provided to Vendor by Publix, Publix’s subsidiaries and affiliates, or Publix’s vendors or that is collected by Vendor on Publix’s behalf, including but not limited to any Publix Personal Data.

1.1.8 “Publix Personal Data” means Personal Data that is provided by or on behalf of Publix or is otherwise Processed by Vendor in connection with the performance of the Services.

1.1.9 “Sell” and “Share” have the meanings assigned to those terms in Data Protection Laws.

2. Processing of Personal Data.

2.1 With respect to Publix Personal Data, the Parties agree that Publix is the Controller and Vendor Processes Personal Data as a Processor on behalf of Publix.

2.2 Publix directs Vendor to Process Personal Data during the duration of Vendor’s Agreement with Publix for the specific purpose of performing the Services, pursuant to Publix’s instructions and details of Processing as set forth at Appendix A.

2.3 Vendor shall Process Publix Personal Data in compliance with all Data Protection Laws. Vendor shall promptly advise Publix if it makes a determination that it can no longer meet its obligations under this Addendum or Data Protection Laws.

3. Data Subject Requests. Vendor shall assist Publix in responding to and implementing Data Subject Requests, including by maintaining appropriate technical and organizational measures to implement or honor such requests.

4. Assessments.

4.1 Vendor will respond promptly to reasonable requests from Publix for information necessary for Publix to assess Vendor’s data protection practices, including Vendor’s compliance with Data Protection Laws and this DPA.

4.2 Vendor will cooperate with Publix’s reasonable efforts to verify Vendor’s compliance with this DPA, which efforts may include periodic audits, not to exceed one (1) audit in any twelve (12) month period, except in the event of a Security Incident. Such audit shall be conducted by Publix (or a qualified, independent third party to audit on Publix’s behalf) at Publix’s expense, unless the results demonstrate Vendor’s material non-compliance with its obligations under Data Protection Laws and this DPA, in which case Vendor shall reimburse Publix the reasonable fees spent on such audit. Publix and Vendor shall mutually agree to the dates, times, and scope of any audit of Vendor. The assessments, work papers and other materials generated or used by Publix during the course of the audit shall be treated as Protected Information.

5. Third-Party Demands and Government Access.

5.1 Vendor shall assist Publix in the event of an investigation by any government entity or regulator relating to Publix Personal Data handled by Vendor on Publix’s behalf.

5.2 Except as is necessary to fulfil its obligations under any agreement with Publix or as required by law, Vendor shall not disclose any Publix Personal Data to any external party that is not Subprocessor. In the event that Vendor or anyone to whom it transmits the Publix Personal Data becomes legally required to disclose any such Publix Personal Data, Vendor shall provide Publix with prompt written notice so that Publix may seek a protective order or other appropriate remedy. Vendor shall furnish only that portion of the Publix Personal Data that is legally required to be furnished.

6. Security. Vendor shall comply with Publix’s requirements and Data Protection Laws regarding the handling, use, storage, security and confidentiality of Protected Information pursuant to Appendix B, Information Security Requirements.

7. General Terms.

7.1 Publix shall be entitled to take appropriate action, subject to the provisions of any Agreement, in the event that Vendor misuses Publix Personal Data or otherwise breaches the terms of this DPA, such as suspension of sharing Publix Personal Data or termination of use of Vendor.

7.2 Upon Publix’s written or emailed request, but no more than once annually (except in the event of a Security Incident (as defined in Appendix B), to which no such limit shall apply), Vendor shall provide Publix, at no additional cost, with an index describing the Protected Information being held by Vendor. Such report(s) will list each file, table, or other data store of Protected Information. For each listed file, table, or other data store, the report(s) will describe data attributes contained in the listed data set (by way of example, an attribute may be “street address,” ”customer name,” etc.) the number of records, rows, or instances stored, and the creation date for the oldest record, row, or instance stored. The report(s) shall be in a format and medium mutually agreed to by the parties, and shall be provided to Publix no less than thirty (30) calendar days from the date of Publix’s request. In addition, Vendor shall provide Publix with a file containing all Protected Information promptly upon Publix’s request in a mutually agreed-upon format and at no charge.

7.3 Vendor shall provide a representative within its organization who shall have responsibility to promptly respond to all inquiries of Publix regarding the Processing of Publix Personal Data. Vendor shall provide the contact information for such representative to Publix, and shall immediately notify Publix when the representative changes.

7.4 In the event of any conflict between this DPA and any other agreement between Publix and Vendor, this DPA will control. The obligations of this DPA shall survive for as long as the Vendor holds or Processes Publix Personal Data.

 

publix work from home jobs, publix remote jobs, publix data entry jobs