Log inGet started
Get started
Login

Data Processing Agreement (DPA)

Last Updated: 31st October 2025

This Data Processing Agreement ("DPA") is entered into between: Customer ("Controller") and Ectoprocta Technologies Limited ("Processor", "Bryozoan", "we", "our"), a company registered in England and Wales, and forms part of the Terms and Conditions or other written agreement governing the provision of Bryozoan AI Services (the "Agreement").

1. Purpose and Scope

This DPA sets out the terms under which Bryozoan will process personal data on behalf of the Customer in the course of providing the Services, in compliance with the UK GDPR, the Data Protection Act 2018, and any other applicable data protection legislation.

2. Definitions

  • Check"Controller" means the entity that determines the purposes and means of processing personal data.
  • Check"Processor" means the entity that processes personal data on behalf of the Controller.
  • Check"Personal Data" means any information relating to an identified or identifiable natural person.
  • Check"Data Subject" means the individual whose personal data is processed.
  • Check"Sub-Processor" means a third party engaged by Bryozoan to process personal data.

3. Roles and Responsibilities

  • CheckThe Customer acts as Controller.
  • CheckBryozoan acts as Processor.
  • CheckBoth parties agree to comply with their obligations under applicable data protection laws.

4. Processing Instructions

Bryozoan will only process personal data:

  • CheckOn documented instructions from the Controller.
  • CheckTo provide, maintain, and improve the Services.
  • CheckAs required by law (with prior notice to the Controller, unless prohibited).

5. Data Categories and Processing Activities

  • CheckTypes of Personal Data: contact details (name, email, job title), communication content, usage data.
  • CheckCategories of Data Subjects: Customer's employees, contractors, prospects, leads, and business contacts.
  • CheckNature of Processing: storage, transmission, organisation, analysis, and communication automation.
  • CheckPurpose of Processing: to provide AI-driven sales outreach and related services.
  • CheckDuration of Processing: for the term of the Agreement and as required by law.

6. Security

Bryozoan implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • CheckData encryption in transit and at rest.
  • CheckAccess controls and authentication.
  • CheckRegular monitoring, testing, and security audits.

7. Sub-Processors

  • CheckBryozoan may engage Sub-Processors to provide hosting, storage, analytics, or other services.
  • CheckA list of current Sub-Processors will be provided upon request.
  • CheckBryozoan ensures Sub-Processors are bound by data protection obligations equivalent to this DPA.
  • CheckController will be notified of any intended changes regarding Sub-Processors and may object on reasonable grounds.

8. International Data Transfers

If personal data is transferred outside the UK, Bryozoan will ensure such transfers comply with applicable laws, using:

  • CheckAdequacy regulations, or
  • CheckStandard Contractual Clauses (SCCs) or UK-approved transfer mechanisms.

9. Data Subject Rights

Bryozoan will assist the Controller, to the extent possible, in fulfilling obligations to respond to Data Subject requests, including rights of:

  • CheckAccess, rectification, deletion, portability, restriction, and objection.

10. Data Breach Notification

In the event of a personal data breach, Bryozoan will:

  • CheckNotify the Controller without undue delay after becoming aware of the breach.
  • CheckProvide sufficient information to support the Controller's reporting obligations.
  • CheckCooperate with the Controller to investigate and remediate the breach.

11. Audits and Compliance

  • CheckBryozoan will make available all information necessary to demonstrate compliance with this DPA.
  • CheckThe Controller may conduct audits, subject to reasonable notice and without disrupting normal operations.

12. Return or Deletion of Data

Upon termination of the Agreement, Bryozoan will, at the Controller's choice:

  • CheckDelete all personal data, or
  • CheckReturn personal data in a structured, commonly used format, unless retention is required by law.

13. Governing Law and Jurisdiction

This DPA and any dispute or claim arising out of or in connection with it shall be governed by the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction.

14. Contact Information

For data protection inquiries, please contact: Ectoprocta Technologies Limited

Email: info@bryozoan.co

Back to Home