Data Processing Addendum
Last Updated: December 2024
This Data Processing Addendum ("DPA") forms part of the Terms of Service between RZX.bio (operated by Reload People Ltd., "Processor", "we", "us") and the entity or individual agreeing to these terms ("Controller", "you", "User") for the provision of the RZX.bio Services.
This DPA applies where and only to the extent that we process Personal Data on your behalf in the course of providing the RZX.bio Services, and such Personal Data is subject to Data Protection Laws.
1. Definitions
Unless otherwise defined in this DPA, capitalised terms shall have the meanings given to them in the Terms of Service. The following definitions apply to this DPA:
2. Scope and Roles
2.1 Controller and Processor
For the purposes of this DPA:
2.2 Categories of Data
The Personal Data processed under this DPA may include:
3. Processing Instructions
3.1 Purpose Limitation
We shall only process Personal Data:
3.2 Your Instructions
By using the RZX.bio Services and accepting this DPA, you instruct us to process Personal Data as necessary to:
4. Confidentiality
We shall ensure that persons authorised to process Personal Data:
5. Security Measures
5.1 Technical and Organisational Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
5.2 Security Certifications
Our infrastructure providers maintain industry-standard security certifications including ISO 27001 and SOC 2 compliance.
6. Sub-processors
6.1 Authorisation
You provide general authorisation for us to engage Sub-processors to process Personal Data. We maintain a list of current Sub-processors, which includes:
6.2 Sub-processor Obligations
We shall:
7. International Data Transfers
7.1 Transfer Mechanisms
Where Personal Data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place:
7.2 Data Localisation
Primary data storage is located within the European Union (Germany), with content delivery optimised through EU-priority edge locations.
8. Data Subject Rights
8.1 Assistance
We shall assist you in responding to requests from Data Subjects exercising their rights under Data Protection Laws, including rights to:
8.2 Direct Requests
If we receive a request directly from a Data Subject, we shall promptly notify you unless prohibited by law, and shall not respond to the request without your prior authorisation unless legally required to do so.
9. Personal Data Breach
9.1 Notification
We shall notify you without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data Breach affecting Personal Data processed on your behalf.
9.2 Breach Information
Such notification shall include:
9.3 Cooperation
We shall cooperate with you and take reasonable steps to assist in the investigation, mitigation, and remediation of the breach.
10. Audits and Compliance
10.1 Information
We shall make available to you all information necessary to demonstrate compliance with this DPA and Data Protection Laws.
10.2 Audits
We shall allow for and contribute to audits, including inspections, conducted by you or an auditor mandated by you, subject to:
11. Data Retention and Deletion
11.1 Duration
We shall process Personal Data for the duration of your use of the RZX.bio Services, unless otherwise agreed or required by law.
11.2 Deletion
Upon termination of your account or upon your written request, we shall:
11.3 Retention Period
Deletion shall be completed within 30 days of the request or account termination, except where longer retention is required by law.
12. Liability
Each party's liability under this DPA shall be subject to the limitations and exclusions of liability set out in the Terms of Service.
13. Governing Law
This DPA shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction to settle any dispute arising out of or in connection with this DPA.
14. Contact Information
For any questions regarding this DPA or data protection matters, please contact us:
15. Updates to this DPA
We may update this DPA from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated DPA on our website and updating the "Last Updated" date. Your continued use of the Services after such changes constitutes acceptance of the updated DPA.
By using RZX.bio Services, you acknowledge that you have read, understood, and agree to be bound by this Data Processing Addendum.