Data Processing Agreement

This Data Processing Agreement (DPA) and Record of Processing describes how DPP Global ("Processor") handles personal data on behalf of your factory ("Controller") under GDPR Article 28 and DPDPA 2023.

1. Roles

The factory is the Controller of its product and account data; DPP Global is the Processor, acting only on documented instructions.

2. Categories of data & subjects

• Subjects: factory staff and authorised user accounts.
• Data: names, work contact details, role, authentication data, and product compliance records.

3. Sub-processors

• Amazon Web Services (EU Frankfurt) — hosting & storage.
• Cloudflare — edge delivery & security.
• Email/notification providers used solely to deliver service messages.

4. International transfers

Primary processing occurs in the EU. Any transfer outside the EEA relies on Standard Contractual Clauses and appropriate safeguards.

5. Security & breach

We apply the controls in our Security Policy and will notify the Controller without undue delay (and within 72 hours where feasible) of any personal-data breach.

6. Sub-processor changes & deletion

We give notice of new sub-processors and, on termination, delete or return personal data per your instruction, subject to legal retention duties.