Data Processing Addendum

Terms governing DirectiveOps's processing of personal data on behalf of the Customer under applicable data protection law.

Last updated: 2025-01-01

1. Scope

This Data Processing Addendum ("DPA") applies when DirectiveOps ("Processor") processes personal data on behalf of the Customer ("Controller") in connection with the DirectiveOps hosted service, and where applicable data protection law (e.g., GDPR, UK GDPR, CCPA) requires a contract governing such processing. It is incorporated by reference where the Customer has accepted the Terms of Service and the Service involves processing of personal data.

2. Roles and instructions

The Customer is the Controller (or Processor acting on behalf of a Controller); DirectiveOps is the Processor. We process personal data only on documented instructions from the Customer (including as set out in the Terms and this DPA), unless required by law. We will inform the Customer if we believe an instruction infringes applicable data protection law.

3. Security and confidentiality

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as described in our Security Policy. We ensure that persons authorized to process personal data are bound by confidentiality obligations.

4. Subprocessors

We may engage subprocessors to process personal data. We maintain a Subprocessor List and will provide notice of changes where required by law or our commitments. We impose data protection terms on subprocessors that are substantially equivalent to this DPA.

5. Assistance and rights

We assist the Customer in responding to data subject requests and in ensuring compliance with obligations regarding security, breach notification, and data protection impact assessments, to the extent necessary and taking into account the nature of processing and information available to us.

6. Return and deletion

Upon termination of the Service or upon the Customer's request, we will return or delete personal data in our possession, unless we are required to retain it by law. Deletion will be completed within the timeframe specified in our documentation or as agreed.

7. Audit

We will make available to the Customer information necessary to demonstrate compliance with this DPA and will allow for and contribute to audits or inspections as required by applicable data protection law, subject to reasonable notice and confidentiality obligations.

8. Contact

For data protection inquiries: privacy@directiveops.dev. See the Contact and Legal Notice document for our address.
