Data Processing Agreement
Last updated: 1 June 20261. Scope
This Data Processing Agreement (DPA) forms part of any service agreement between Pyralink Innovation Ltd (the "Processor") and the client (the "Controller") where the Processor processes personal data on behalf of the Controller in connection with the provision of services.
2. Processor obligations
Pyralink Innovation Ltd shall: process personal data only on documented instructions from the Controller; ensure that persons authorised to process the personal data are bound by confidentiality obligations; implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk; and not engage another processor without prior specific or general written authorisation from the Controller.
3. Sub-processing
The Controller provides general authorisation for Pyralink Innovation Ltd to engage sub-processors, subject to notification and the right to object. Current sub-processors include cloud infrastructure providers and communication tools, each bound by terms no less protective than this DPA.
4. Data subject rights
The Processor shall assist the Controller in fulfilling its obligations to respond to data subject requests under UK GDPR, taking into account the nature of the processing.
5. Personal data breach
Pyralink Innovation Ltd shall notify the Controller without undue delay upon becoming aware of a personal data breach affecting Controller data. The notification shall include the nature of the breach, categories of data involved, and measures taken or proposed.
6. Data retention and deletion
Upon termination of services, the Processor shall delete or return all personal data to the Controller, unless retention is required by applicable law.
7. Governing law
This DPA is governed by the laws of England and Wales and is subject to the exclusive jurisdiction of the courts of England and Wales.
For DPA enquiries: info@pyralink.co.uk.