1. Parties & Scope
This Data Processing Addendum (“DPA”) forms part of the agreement between Customer (Controller) and NitroBerry (Processor).
2. Processing Details
- Subject matter: Provision of the Services
- Duration: Term of the agreement
- Nature & purpose: Hosting, storage, computation, and support
- Data subjects: Customer’s personnel, suppliers, end users
- Categories of data: Contact details, identifiers, operational data
3. Processor Obligations
- Process personal data only on documented instructions
- Ensure confidentiality and train personnel
- Implement appropriate technical and organizational measures (TOMs)
- Assist with data subject requests and DPIAs
- Notify without undue delay of personal data breaches
4. Subprocessors
We may use subprocessors with prior notice and appropriate contractual safeguards.
5. Security
Encryption in transit and at rest (where applicable), access controls, logging, backups, and incident response.
6. International Transfers
Where transfers occur, we rely on SCCs or equivalent mechanisms as required by law.
7. Audit
We will make available all information necessary to demonstrate compliance and allow audits subject to confidentiality.
8. Return/Deletion
Upon termination, we will delete or return personal data per Customer’s instructions, unless retention is required by law.