Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

This Data Processing Agreement ("Agreement") forms part of the contract between OPSAPP GLOBAL LIMITED (Company Number 16903097), trading as OPS-APP (the "Processor"), and the customer entity identified in the applicable service agreement or order form (the "Controller").

This Agreement is entered into to comply with Article 28 of the UK General Data Protection Regulation (UK GDPR).

1. Definitions

• Applicable      Data Protection Law means the UK GDPR, Data Protection Act 2018, and any      applicable ICO guidance.
• Controller      means the entity that determines the purposes and means of processing      personal data.
• Processor      means OPS-APP, processing personal data on behalf of the Controller.
• Personal      Data means any information relating to an identified or identifiable      natural person.
• Processing      has the meaning given in UK GDPR.

2. Scope and Roles

The Controller appoints OPS-APP as a Processor to process Personal Data solely for the purpose of providing the OPS-APP Services.

OPS-APP shall:

• Process      Personal Data only on documented instructions from the Controller
• Not      process Personal Data for its own purposes
• Inform      the Controller if instructions conflict with Applicable Data Protection      Law

3. Details of Processing

Subject matter: Provision of a SaaS platform for inspections, compliance, maintenance, and operational management

Duration: For the term of the Services and any retention period required by law

Nature and purpose: Hosting, storage, access, and processing of operational and compliance-related data

Categories of data subjects:

• Employees
• Contractors
• Site      operatives
• Authorised      platform users

Types of personal data:

• Names      and contact details
• User      IDs and login credentials
• Inspection      and compliance records
• QR-code      logs and audit trails
• User      activity data

4. Security Measures

OPS-APP shall implement appropriate technical and organisational measures, including:

• Secure      cloud hosting environments
• Role-based      access controls
• Encryption      where appropriate
• Regular      security reviews

5. Sub-processors

The Controller authorises OPS-APP to engage sub-processors for service delivery.

OPS-APP shall:

• Ensure      sub-processors are bound by equivalent data protection obligations
• Remain      liable for sub-processor compliance
• Provide      a list of sub-processors on request

6. International Transfers

Where Personal Data is transferred outside the UK, OPS-APP shall ensure appropriate safeguards, including UK-approved Standard Contractual Clauses.

7. Data Subject Rights

OPS-APP shall assist the Controller, where reasonably possible, in responding to requests from data subjects to exercise their rights under UK GDPR.

8. Personal Data Breaches

OPS-APP shall notify the Controller without undue delay after becoming aware of a personal data breach and provide reasonable assistance in meeting regulatory obligations.

9. Audits and Compliance

OPS-APP shall make available information reasonably necessary to demonstrate compliance with this Agreement and allow audits where required by law, subject to reasonable notice and confidentiality safeguards.

10. Data Return or Deletion

Upon termination of the Services, OPS-APP shall, at the Controller’s choice, delete or return Personal Data unless retention is required by law.

11. Confidentiality

OPS-APP shall ensure that persons authorised to process Personal Data are subject to confidentiality obligations.

12. Liability

Liability arising from data protection obligations shall be subject to the limitations set out in the main Services Agreement.

13. Contact Details

Processor:
OPSAPP GLOBAL LIMITED (trading as OPS-APP)
27 Shropshire Road
Scampton
Lincoln
England
LN1 2UE

Email: info@ops-app.com

This Agreement is effective as of the date the Controller enters into a contract for OPS-APP Services.