Data Processing Agreement (DPA)

Introduction

This Data Processing Agreement ("DPA") is made between:

You (the "Customer"), who acts as the Data Controller, and
Us (the "Provider"), a Northern Ireland-incorporated B2B SaaS company, who acts as the Data Processor.

We created this DPA to explain how we handle your personal data when we help you create digital twins of infrastructure in the UK and Ireland. By signing or accepting our main agreement (the "Agreement"), you also agree to this DPA.

Purpose

We process your data only to deliver and improve our digital twin services. We promise not to share your data with other clients. However, we do use your data in a combined, anonymized way to improve our tools and features for everyone.

Definitions

Data Controller: The person or group (you, the Customer) who decides why and how personal data is used.
Data Processor: The person or group (us, the Provider) who processes data on the Controller's behalf.
Personal Data: Any information that can identify an individual, such as a name or unique ID.
Processing: Any action performed on personal data, like storing, analyzing, or deleting.
Sub-processor: Another company the Provider hires to help with data processing (for example, a hosting service).

Data We Process

Infrastructure Data: Data about buildings, utilities, or other assets you upload to our Service.
User Information: Names and login details for your team members or other users accessing the Service.
Integration Data: If you choose to connect our Service to your back-end systems, we may process additional data those systems share with us.

Our Responsibilities

Following Instructions: We will process your data only as you instruct us to do in the Agreement or this DPA.
Security: We will use reasonable security measures to protect your data from unauthorized access, loss, or damage.
No Data Sharing: We will not share your personal data with other clients.
Service Improvements: We may use information from all clients in an anonymized way (so no one can identify you) to improve our services.
Sub-processors: If we hire any sub-processor, we will make sure they protect data at the same level as we do. We will also inform you if we add or change a sub-processor, and give you a chance to object if needed.

Your Responsibilities

Lawful Data Collection: You confirm you have the right to collect and share the personal data you provide.
Instructions to Us: You will give us clear instructions on how to handle your data.
User Access: You decide which of your staff or partners can access the Service, and you are responsible for their actions within our platform.
Compliance: You agree to follow all laws about data protection, including the General Data Protection Regulation (GDPR) if it applies to you.

Data Subject Rights

If someone wants to see, correct, or delete their personal data (often called a "data subject request"), we will help you fulfill that request. You are responsible for communicating with the data subject, and we will cooperate as needed.

Transfers Outside the EEA

If we need to transfer personal data outside the European Economic Area (EEA), we will follow GDPR rules. This may include using Standard Contractual Clauses or other measures.

Data Retention

We keep personal data only as long as needed to provide the Service or meet our legal obligations. When you stop using our Service, or if you ask us to delete your data, we will remove it or anonymize it unless the law says we must keep it.

Data Breach

If we notice a security breach that affects your personal data, we will tell you as soon as possible and take steps to fix the issue.

Ending or Changing This DPA

If the Agreement ends, this DPA also ends. However, any parts of this DPA meant to protect data after the Agreement ends will still apply. If we change this DPA, we will notify you and post the updated version.

Governing Law

This DPA is governed by the laws of the Republic of Ireland. If there are any conflicts about this DPA, they will be solved in the Irish courts, unless otherwise stated in the Agreement.