Data Processing Addendum
Data Processing Details
- ▹All data processing activities conducted under this Addendum will comply with GDPR Article 28 requirements.
- ▹Processing duration: For the term of the Master Agreement plus return/destruction period
- ▹Nature/purpose: Provision of AI training services and related technical support
- ▹Data categories: Technical data, interaction data, anonymized behavioral patterns
Security Measures
- ▹ISO 27001:2022 certified infrastructure
- ▹End-to-end encryption for data in transit and at rest
- ▹Annual penetration testing and vulnerability assessments
- ▹GDPR-compliant data breach notification protocol (<24hr escalation)
Sub-Processing
- ▹Authorized sub-processors listed in Annex III
- ▹30-day notification period for new sub-processors
- ▹Flow-down obligations in all sub-processing agreements
- ▹Liability maintained with primary processor
Intl. Data Transfers
- ▹EU-US DPF and UK Extension framework compliance
- ▹SCCs (2021) incorporated by reference
- ▹Transfer Impact Assessments available upon request
- ▹Data localization options in EU/UK/US regions
Annex I - Technical & Organizational Measures
Pseudonymization of personal data
Regular security awareness training
Access control via RBAC and MFA
Daily encrypted backups (7-year retention)
Network segmentation and intrusion detection
Physical data center security (Biometric access)
Governing Law
This DPA is governed by the laws of Ireland (GDPR Art. 27 Representative)
EU Representative
AI Governance Ltd
Dublin, Ireland
dpa@aigovernance.eu
Version Control
Current: v3.1.2
Revision History