Accyio IP Limited - Data Processing Agreement

This Data Processing Agreement ("Agreement") is made effective as of February 20, 2025, by and between Accyio IP Limited ("Processor"), a company registered in the UK, and its Users ("Controller"). This Agreement outlines the terms under which the Processor will process personal data on behalf of the Controller in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

The Processor will process Personal Data only for the purposes specified in this Agreement and in accordance with documented instructions from the Controller.

Both parties agree to comply with all applicable data protection laws and regulations, including but not limited to:

1. The UK GDPR
2. The EU GDPR
3. The Data Protection Act 2018

The Controller must ensure that:

1. It has lawful grounds for processing Personal Data.
2. It provides necessary transparency to Data Subjects regarding the processing of their Personal Data.
3. It has obtained all necessary consents from Data Subjects where required.

The Processor agrees to:

1. Process Personal Data only on documented instructions from the Controller.
2. Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
3. Notify the Controller without undue delay upon becoming aware of a Security Incident.
4. Assist the Controller in responding to requests from Data Subjects exercising their rights under Applicable Data Protection Law.

The Processor may engage sub-processors to assist with processing activities. The Processor will:

1. Provide prior written notice to the Controller of any intended changes concerning the addition or replacement of sub-processors.
2. Ensure that sub-processors are bound by data protection obligations that are at least as protective as those set out in this Agreement.

Neither party shall transfer Personal Data outside the UK or EU unless it complies with applicable international data transfer requirements, including implementing Standard Contractual Clauses where necessary.

The Processor will implement appropriate security measures to protect Personal Data against unauthorized access, loss, or destruction. These measures will include:

1. Encryption
2. Access controls
3. Regular security assessments

In case of a data breach, the Processor will notify the Controller within 72 hours after becoming aware of it and provide all necessary information for compliance with breach notification obligations under Applicable Data Protection Law.

Upon termination of this Agreement, at the Controller’s choice, the Processor shall delete or return all Personal Data processed on behalf of the Controller.

Accyio IP Limited may amend or update this Agreement at any time to reflect changes in legal or regulatory requirements, industry best practices, or changes in the services provided. Notice of material changes to this Agreement will be provided to the Controller via email or through a notification within the Accyio IP Limited platform. Continued use of Accyio IP Limited's services after such notice constitutes acceptance of the amended Agreement.

This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written.

This Data Processing Agreement ("Agreement") is incorporated into and governed by the Terms and Conditions of Use of Accyio IP Limited's services. By using Accyio IP Limited's services, the Controller agrees to the terms outlined in this Data Processing Agreement.