DarkX

DPA

This Addendum supplements the Master Purchase and Services Agreement between the Company and DARKX, outlining the terms related to the purchase and use of Products and Services.

In the event of any conflict between this Addendum and the Service Agreement, the terms of this Addendum shall prevail.

1. Purpose and Scope

  • This Addendum governs the processing of Personal Data under GDPR and CCPA.
  • It incorporates EU Model Clauses for transferring Personal Data outside the EEA.
  • DARKX will process Personal Data only according to the Company’s instructions and only as necessary to provide services.

2. Definitions

Personal Data

As defined under GDPR and “Personal Information” under the CCPA.

Subprocessor

Any third party engaged by DARKX to process Personal Data.

EU Model Clauses

Standard contractual clauses approved by the European Commission.

3. Responsibilities for Data Processing

  • The Company determines the purpose and scope of Personal Data processing.
  • DARKX processes Personal Data only under written instructions.
  • DARKX may only use approved Subprocessors.
  • Both parties agree to implement technical and organizational security measures.

4. Subprocessors

  • Approved subprocessors include Amazon Web Services and Google.
  • DARKX will notify the Company regarding any additions or changes to subprocessors.
  • The Company will have 30 days to object to any new subprocessor.

5. Data Transfers

  • Transfers of Personal Data originating in the EEA are governed by EU Model Clauses.
  • DARKX must obtain approval before transferring data to jurisdictions without adequate data protection.

6. Security Measures

Both parties agree to implement security measures including:

  • Access control systems.
  • Encryption and pseudonymization.
  • Regular security audits.
  • Incident response procedures.
  • Measures ensuring confidentiality, integrity, and resilience of systems.

7. Incident Management

  • DARKX must notify the Company of any Personal Data breach or security incident.
  • Notifications will include details of affected data and mitigation steps.

8. Return or Deletion of Data

Upon termination of the Service Agreement, DARKX will securely return or delete all Personal Data unless retention is required by applicable law.

9. Support for Data Controller

DARKX will support the Company in fulfilling obligations under GDPR and CCPA, including responding to Data Subject requests and assisting with Data Protection Impact Assessments.