Data Processing Addendum

This Data Processing Addendum (DPA) governs the processing of personal data by WebNexa in compliance with GDPR and other international data protection laws.

1. Definitions

For the purposes of this DPA:

  • Controller: The entity that determines the purposes and means of processing personal data
  • Processor: The entity that processes personal data on behalf of the Controller
  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Subject: The individual to whom personal data relates
  • GDPR: General Data Protection Regulation (EU) 2016/679

2. Scope and Application

This DPA applies when:

  • WebNexa processes personal data on behalf of clients
  • The processing is subject to GDPR or other data protection laws
  • WebNexa acts as a data processor for the client (data controller)

3. Roles and Responsibilities

Client as Data Controller

The client is responsible for:

  • Determining the purposes and means of processing
  • Ensuring a lawful basis for processing
  • Providing necessary instructions to WebNexa
  • Responding to data subject requests
  • Conducting Data Protection Impact Assessments when required

WebNexa as Data Processor

WebNexa is responsible for:

  • Processing data only on documented instructions
  • Implementing appropriate security measures
  • Assisting with data subject requests
  • Notifying the client of data breaches
  • Maintaining records of processing activities

4. Processing Instructions

WebNexa will process personal data only:

  • On documented instructions from the client
  • For the specific purposes outlined in our service agreement
  • In accordance with applicable data protection laws
  • Within the geographical locations specified by the client

5. Categories of Data and Processing

Types of Personal Data

We may process the following categories of personal data:

  • Contact information (names, email addresses, phone numbers)
  • Business information (company names, job titles)
  • Website usage data (IP addresses, cookies, analytics)
  • Communication records (emails, chat logs, support tickets)
  • Any other data provided by the client for processing

Categories of Data Subjects

  • Website visitors
  • Client employees and representatives
  • End users of client websites
  • Prospective customers

Processing Activities

  • Website development and maintenance
  • Analytics and performance monitoring
  • Communication and support
  • Backup and disaster recovery

6. Security Measures

WebNexa implements appropriate technical and organizational measures:

Technical Measures

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security updates and patches
  • Secure development practices
  • Network security and firewalls

Organizational Measures

  • Staff training on data protection
  • Confidentiality agreements
  • Access management procedures
  • Incident response procedures
  • Regular security assessments

7. Sub-processors

WebNexa may engage sub-processors to assist with service delivery:

  • Client consent is obtained for sub-processor engagement
  • Sub-processors are bound by equivalent data protection obligations
  • WebNexa remains fully liable for sub-processor compliance
  • Current sub-processors are listed in our service agreements

8. International Data Transfers

When transferring personal data outside the EEA:

  • Transfers are made only to countries with adequate protection
  • Appropriate safeguards are implemented (Standard Contractual Clauses)
  • Client consent is obtained for transfers where required
  • Transfer impact assessments are conducted when necessary

9. Data Subject Rights

WebNexa will assist the client in responding to data subject requests:

Rights Include

  • Right of access to personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Our Assistance

  • Providing technical assistance for data retrieval
  • Implementing data corrections or deletions
  • Restricting processing when requested
  • Providing data in portable formats

10. Data Breach Notification

In case of a personal data breach:

  • WebNexa will notify the client without undue delay
  • Notification will be made within 72 hours of discovery
  • Information provided will include nature, categories, and consequences
  • WebNexa will assist with breach investigation and mitigation
  • Documentation will be maintained for regulatory compliance

11. Data Retention and Deletion

Personal data will be:

  • Retained only for the duration specified by the client
  • Deleted or returned upon termination of services
  • Securely destroyed using industry-standard methods
  • Retained longer only if required by law

12. Audits and Compliance

WebNexa will:

  • Maintain records of processing activities
  • Provide information necessary for compliance audits
  • Allow and contribute to audits by the client or appointed auditor
  • Demonstrate compliance with data protection obligations

13. Liability and Indemnification

Each party is liable for damages caused by its own non-compliance with data protection laws. WebNexa will indemnify the client for damages resulting from WebNexa's breach of this DPA.

14. Term and Termination

This DPA:

  • Remains in effect for the duration of our service agreement
  • Survives termination for data retention obligations
  • May be updated to reflect changes in data protection laws

15. Contact Information

For questions about this DPA or data processing:

  • Data Protection Officer: dpo@webnexa.com
  • Legal inquiries: legal@webnexa.com
  • Phone: +8801771770033
  • Address: Dhaka, Bangladesh

16. Effective Date

This Data Processing Addendum is effective as of January 1, 2024.