Data Processing Addendum (DPA)
Effective date:
1. Definitions
“Controller”, “Processor”, “Data Subject”, “Personal Data”, and “Processing” have the meanings given in UK GDPR.
2. Subject Matter & Duration
This DPA applies to processing of Personal Data by KAZIVAN LTD as Processor on behalf of the Customer and remains in force for the term of the underlying agreement.
3. Nature & Purpose of Processing
Provision of data processing, hosting, analytics, and related support services.
4. Types of Personal Data & Categories of Data Subjects
Data types and Data Subjects are specified in Annex I.
5. Obligations of the Processor
- Process Personal Data only on documented instructions;
- Ensure personnel confidentiality and training;
- Implement technical and organisational measures (Annex II);
- Assist Controller with Data Subject requests and DPIAs;
- Delete or return Personal Data upon termination.
6. Sub-processing
Sub-processors are listed in Annex III. Processor will notify Controller of changes and allow objections.
7. International Transfers
Transfers outside the UK use appropriate safeguards such as UK Standard Contractual Clauses.
8. Audit
Processor shall make available information necessary to demonstrate compliance and allow audits once per year.
9. Liability
Liability provisions follow the main agreement. Nothing limits rights of Data Subjects under UK GDPR.
10. Miscellaneous
If any provision of this DPA is invalid, the remainder remains in effect. This DPA is governed by English law.
Annex I – Details of Processing
Nature: Storage, organisation, analysis.
Duration: Contract term.
Categories of data: Contact data, usage data, content data.
Data subjects: Customer employees, end-users.
Annex II – Technical & Organisational Measures
- Encryption in transit (TLS 1.2+) and at rest;
- Role-based access control;
- Multi-factor authentication for privileged accounts;
- Regular vulnerability scanning and patching;
- Daily off-site backups.
Annex III – Approved Sub-processors
| Entity | Service | Location |
|---|---|---|
| DigitalOcean LLC | Cloud Infrastructure | London (UK) |
| Mailgun Technologies Inc. | Email Delivery | EU Region |
Template DPA — not legal advice. Consult qualified counsel to adapt for your circumstances.