1. Scope and Applicability

This DPA applies to the processing of personal data by REGXA CLOUD:

• Within the scope of the EU General Data Protection Regulation (GDPR)
• Across our global network of data centers
• In connection with our cloud infrastructure services
• Subject to various international data protection laws

2. Definitions

Terms used in this DPA shall have the meanings given in applicable data protection laws, including:

• “Personal Data”: Any information relating to an identified or identifiable natural person
• “Processing”: Any operation performed on personal data
• “Controller”: The entity determining the purposes and means of processing
• “Processor”: The entity processing personal data on behalf of the controller
• “Sub-processor”: Any processor engaged by REGXA CLOUD

3. Data Processing

3.1 Processing Instructions

• We process personal data only on your documented instructions
• Processing is limited to the purposes of providing our services
• Additional processing requires prior written agreement
• We maintain records of all processing activities

3.2 Processing Locations

• Processing occurs in our global network of data centers
• Data center locations are disclosed to customers
• International transfers comply with applicable laws
• Appropriate safeguards are implemented for data transfers

4. Security Measures

We implement appropriate technical and organizational measures including:

• Encryption of personal data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Physical security at data centers
• Employee training and confidentiality agreements
• Incident response procedures

5. Sub-processing

Regarding the engagement of sub-processors:

• We maintain a list of approved sub-processors
• Changes to sub-processors are communicated in advance
• Sub-processors are bound by similar data protection obligations
• We remain liable for sub-processors' compliance

6. Data Subject Rights

We assist you in responding to data subject requests by:

• Providing appropriate technical measures
• Implementing data access and export tools
• Supporting data correction and deletion requests
• Maintaining records of data subject requests

7. Data Breach Notification

In the event of a personal data breach, we will:

• Notify you without undue delay
• Provide detailed information about the breach
• Assist with breach notifications to authorities
• Implement remediation measures

8. Audits and Inspections

• We provide audit rights and documentation
• Regular third-party security certifications
• Cooperation with customer audits
• Evidence of compliance measures

9. Data Return and Deletion

Upon service termination:

• Return of personal data upon request
• Secure deletion of data after return period
• Deletion verification procedures
• Retention of legally required data

10. International Data Transfers

For international data transfers, we ensure:

• Compliance with EU Standard Contractual Clauses
• Implementation of additional safeguards
• Transparency about transfer mechanisms
• Regular assessment of transfer impacts

11. Contact Information

For DPA-related matters:

• Submit inquiries through your REGXA CLOUD Dashboard
• Visit www.regxa.com for more information