Data Processing Addendum

1. PURPOSE

This Data Processing Addendum (“DPA”) forms part of any service agreement between Cyber Dynamic Ltd (“Processor” or “Company”) and a client (“Controller”) where the Company processes Personal Data on behalf of the Controller in connection with GoIntel services.

This DPA is intended to comply with:

  • UK GDPR

  • Data Protection Act 2018

2. DEFINITIONS

  • Personal Data has the meaning given under UK GDPR.

  • Controller means the entity determining the purposes and means of processing.

  • Processor means the entity processing Personal Data on behalf of the Controller.

  • Data Subject means an identified or identifiable individual.

3. SCOPE OF PROCESSING

3.1 Subject Matter

Processing necessary to provide GoIntel commercial intelligence services.

3.2 Duration

For the term of the underlying service agreement.

3.3 Nature and Purpose

May include:

  • Analysis

  • Structuring

  • Organisation

  • Storage

  • Transmission

  • Review of business-related data

3.4 Types of Personal Data

May include:

  • Business contact details

  • Publicly available professional information

  • Corporate affiliation data

No special category data shall be processed unless expressly agreed in writing.

3.5 Categories of Data Subjects

  • Business professionals

  • Corporate representatives

  • Publicly listed individuals

4. PROCESSOR OBLIGATIONS

Cyber Dynamic Ltd shall:

  • Process Personal Data only on documented instructions from the Controller

  • Ensure confidentiality of authorised personnel

  • Implement appropriate technical and organisational security measures

  • Assist the Controller in responding to Data Subject rights requests

  • Assist with security and breach notification obligations

  • Delete or return Personal Data upon termination, unless retention is required by law

5. SUB-PROCESSORS

The Controller authorises the Company to engage sub-processors where necessary for service delivery (e.g., hosting providers, analytics infrastructure).

The Company shall ensure sub-processors are bound by data protection obligations equivalent to those in this DPA.

6. INTERNATIONAL TRANSFERS

Personal Data shall not be transferred outside the UK unless:

  • Adequacy regulations apply; or

  • Appropriate safeguards (e.g., International Data Transfer Agreement) are implemented.

7. SECURITY

The Company shall implement appropriate technical and organisational measures, including:

  • Access controls

  • Secure hosting

  • Encryption where appropriate

  • Confidentiality obligations

8. LIABILITY

Liability under this DPA shall be subject to the limitations set out in the underlying service agreement.

9. PRECEDENCE

In the event of conflict between this DPA and the main agreement, this DPA shall prevail in respect of data protection matters.