OBSYDIA TECHNOLOGIES ZERO-TRUST · GDPR · SELF-HOSTED

Data Processing Agreement

Controller-Processor relationship and data protection obligations.

Obsydia Technologies Ltd

Contact: contact@obsydia.tech
Technical Support: support@obsydia.tech

1. Scope and Application

This Data Processing Agreement (DPA) applies when Obsydia Technologies processes personal data on your behalf as part of providing Obsydia Core0 services. You remain the data controller, and we act as your data processor.

2. Data Processing Details

Subject Matter: Provision of self-hosted data protection infrastructure software and related support services.

Duration: For the term of your service agreement and any required retention period.

Nature and Purpose: Technical support, license management, service provision, and security monitoring.

Categories of Data: Contact information, technical logs, usage data, support communications.

Data Subjects: Your employees, contractors, and authorised users.

3. Your Obligations as Controller

You must: (a) ensure you have a lawful basis for processing; (b) provide appropriate privacy notices; (c) only instruct us to process data in accordance with applicable law; (d) implement appropriate technical and organisational measures.

4. Our Obligations as Processor

We will: (a) process data only on your documented instructions; (b) ensure confidentiality of processing personnel; (c) implement appropriate security measures; (d) assist with data subject requests and compliance obligations; (e) notify you of any data breaches.

5. Security Measures

We implement appropriate technical and organisational measures including: encryption of data in transit and at rest; access controls and authentication; regular security testing; incident response procedures; staff security training.

6. Sub-Processing

We may engage sub-processors for specific processing activities. We will: (a) maintain a list of authorised sub-processors; (b) ensure sub-processors provide adequate guarantees; (c) remain liable for sub-processor compliance; (d) notify you of any changes to sub-processors.

7. International Transfers

Data is processed in the UK. Any international transfers will be protected by appropriate safeguards including adequacy decisions, standard contractual clauses, or other legally recognised mechanisms.

8. Data Subject Rights

We will assist you in responding to data subject requests for access, rectification, erasure, restriction, portability, and objection. We will respond to your requests for assistance within a reasonable timeframe.

9. Data Protection Impact Assessments

Where required, we will provide reasonable assistance with data protection impact assessments and consultations with supervisory authorities relating to processing activities.

10. Data Breach Notification

We will notify you without undue delay (and in any case within 24 hours) after becoming aware of any data breach affecting your personal data, providing all relevant information for your assessment and reporting obligations.

11. Audits and Compliance

We will provide information necessary to demonstrate compliance and allow for audits. We maintain documentation of our processing activities and security measures for your review upon reasonable request.

12. Data Deletion and Return

Upon termination of services, we will delete or return all personal data and delete existing copies unless retention is required by law. We will provide certification of deletion upon request.

Last updated: March 2026
Compliant with UK GDPR and Data Protection Act 2018