Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") is entered into by and between Serviks LTD (trading as ServX) and the User (referred to as the "Data Processor") and governs the processing of personal data on behalf of ServX in compliance with GDPR (General Data Protection Regulation).

1. Definitions
   1. Personal Data: Any information relating to an identified or identifiable natural person, as defined under GDPR.
   2. Processing: Any operation performed on personal data, such as collection, storage, retrieval, or deletion.
   3. Controller: ServX, the entity that determines the purposes and means of processing personal data.
   4. Processor: The User, who processes personal data on behalf of ServX.
   5. Data Subject: Any natural person whose personal data is processed under this DPA.
2. Roles and Responsibilities
   1. ServX as Controller: ServX acts as the Data Controller and determines the purposes and means of processing personal data through the app or services provided.
   2. User as Processor: The User acts as the Data Processor, responsible for processing data according to ServX’s instructions under this DPA and GDPR.
3. Data Processing Instructions
   1. Processing Scope: The Processor agrees to process personal data only for purposes outlined by ServX and as necessary to fulfill obligations in the License Agreement.
   2. Data Types Processed: The User may process the following types of personal data:
      • Device information (e.g., device model, operating system)
      • IP addresses
      • User activity logs
      • Account and payment data
   3. Duration of Processing: The Processor shall process the data for the duration of the service agreement or until this DPA is terminated.
4. Data Subject Rights
   1. Access Requests: The User agrees to assist ServX in responding to requests from Data Subjects, including requests to access, correct, or delete personal data.
   2. Rectification and Deletion: If a Data Subject requests rectification or deletion, the Processor must act promptly and inform ServX.
5. Security Measures
   1. Confidentiality: The Processor agrees to implement and maintain technical and organizational measures to ensure the confidentiality and security of personal data, including encryption, access control, and regular penetration tests.
   2. Data Breaches: The Processor agrees to notify ServX within 48 hours of becoming aware of any data breach affecting personal data.
6. Subprocessing
   1. Subprocessor Engagement: The Processor shall not engage third parties for data processing without the prior written consent of ServX.
   2. Subprocessor Obligations: The Processor ensures that all subprocessors comply with GDPR, including confidentiality, security measures, and audit cooperation.
   3. Responsibilities: The Processor remains liable for any acts or omissions of the subprocessor.
7. International Data Transfers
   1. Data Transfers: Personal data shall not be transferred outside of the European Economic Area (EEA) unless appropriate safeguards (e.g., Standard Contractual Clauses) are in place, as approved by ServX.
8. Audit Rights
   1. Audit: ServX reserves the right to conduct audits, including penetration testing and security assessments, to verify compliance with this DPA and GDPR. The Processor agrees to cooperate fully with any such audits.
9. Notification of Legal Requests
   1. Legal Requests: If the Processor receives any legal request or court order regarding data processing, it must notify ServX before responding, unless prohibited by law.
10. Data Protection Officer
    1. Appointment of DPO: ServX shall appoint a Data Protection Officer (DPO) who is responsible for overseeing compliance with GDPR and coordinating with the Processor as needed.
11. Term and Termination
    1. Term: This DPA will remain in force for the duration of the User’s relationship with ServX.
    2. Termination: Upon termination of the License Agreement, the Processor must delete or return all personal data to ServX unless legally required to retain it.
12. Liability
    1. Breach of GDPR: In the event of a breach of GDPR, the Processor agrees to indemnify ServX for any damages, fines, or penalties resulting from such a breach.
13. Miscellaneous
    1. Amendments: Any amendments to this DPA must be in writing and agreed upon by both parties.
    2. Governing Law: This DPA is governed by the laws of England and Wales, and any disputes shall be resolved under the exclusive jurisdiction of the courts of London.