Data Processing Addendum

Where SolArch OS processes personal data on behalf of a business customer under the GDPR or UK GDPR, the customer is the controller and SolArch OS is the processor. This DPA forms part of the agreement between the parties.

Processing is limited to providing the Service for the Subscription term and any reasonable wind-down period for data return or deletion.

We will:

• Process personal data only on documented instructions from the customer, including as set out in the Terms and Privacy Policy.
• Ensure personnel with access are bound by confidentiality.
• Implement appropriate technical and organisational measures (see Security Overview).
• Assist with data subject requests and DPIAs where reasonably required.
• Notify the customer without undue delay of a personal data breach affecting customer data.
• Delete or return personal data at termination, subject to legal retention.

Customer authorises use of subprocessors listed on our Subprocessor List. We will impose data protection terms on subprocessors and remain responsible for their performance.

Where personal data is transferred outside adequate jurisdictions, we implement appropriate safeguards as described in our Privacy Policy.

DPA and security enquiries: support@solarchos.com.