EKSNEKS

Data processing.

Effective date: 13 July 2026 Last updated: 13 July 2026 EDGENOVA LLC
DRAFT — pending legal counsel review before public reliance.

This Data Processing Addendum ("DPA") forms part of the services agreement between EDGENOVA LLC ("Processor") and the client ("Controller") whenever the Processor processes personal data on behalf of the Controller in the course of providing engineering services.

Where required by GDPR Article 28, this DPA is deemed executed by the parties when the Controller counter-signs the underlying services agreement. A signed PDF version is available on request from [email protected].

01Roles

The Controller determines the purposes and means of processing personal data. The Processor (EDGENOVA LLC) processes personal data only on the documented instructions of the Controller, as set out in the services agreement, the SOW, and this DPA.

02Nature and duration

Nature and purpose: engineering, hosting, automation, technical support. Duration: the term of the services agreement. Categories of data subjects: Controller's end-users, employees, contractors, prospects. Categories of personal data: contact details, account identifiers, technical logs, plus any additional categories defined in the SOW.

03Sub-processors

The Processor may engage sub-processors listed on the Sub-processors page. The Controller grants general authorisation to engage sub-processors, subject to the Processor imposing contractual obligations at least as protective as this DPA. The Processor gives the Controller at least 30 days' notice of new sub-processors and honours reasoned objections.

04International transfers

Where personal data is transferred outside the EEA or UK to a country without an adequacy decision, the parties incorporate the EU Standard Contractual Clauses (Commission Decision 2021/914) — Module 2 (Controller-to-Processor) — by reference. The UK IDTA applies to UK transfers.

05Security measures

  • TLS 1.3 for data in transit; AES-256 for data at rest.
  • Access on a need-to-know basis with individual accounts and MFA.
  • Encrypted backups, tested restore procedure, 30-day retention.
  • Access and change logging retained for at least 90 days.
  • Written incident-response procedure with 72-hour breach notification.

06Data subject requests and audits

The Processor assists the Controller with data subject access, rectification, deletion and portability requests within reasonable timeframes. The Processor makes available all information necessary to demonstrate compliance and permits audits at reasonable intervals and with reasonable notice.

07Return and deletion

On termination, the Processor returns or deletes personal data on the Controller's written instruction, subject to legal retention requirements (typically 10 years for accounting records).

08Signed copies

A counter-signed DPA is available on request. Email [email protected] with your company name and the SOW reference; we return a PDF within one business day.