DPA
Data Processing Agreement
This DPA applies to EU and UK business customers who need a GDPR / UK GDPR data processing agreement.
Overview
A DPA sets out how AlphaClone processes personal data on behalf of a customer when the customer acts as the controller and AlphaClone acts as the processor.
Parties
AlphaClone Systems LLC acts as the Processor. The customer acts as the Controller.
Subject matter
The subject matter is the processing of personal data through the AlphaClone platform in connection with SaaS services described in the Terms of Service.
Types of data
Processed data may include names, email addresses, company information, usage data, and any data the customer uploads to the platform.
Processor obligations
- Process only on documented instructions from the Controller.
- Keep personnel under confidentiality obligations.
- Implement appropriate technical and organizational security measures.
- Use sub-processors only under written terms and remain responsible for them.
- Assist with data subject rights requests, deletion, and return or deletion on termination.
- Provide reasonable audit assistance when requested.
Sub-processors
AlphaClone currently relies on the following sub-processors:
International transfers
Personal data may be transferred to the United States and protected by Standard Contractual Clauses where required.
Security measures
Security includes encryption at rest and in transit, access controls, least-privilege access, logging, and regular security reviews.
Data subject rights
The Processor will assist the Controller with data subject requests within 72 hours of receiving the request or instruction.
Breach notification
If AlphaClone becomes aware of a personal data breach, it will notify the Controller within 72 hours.
Governing law
This DPA is governed by the laws of Wyoming, USA, while still acknowledging GDPR and UK GDPR compliance requirements.
Signatures
Controller: customer authorized signatory.
Processor: AlphaClone Systems LLC, signed by Bornface Masilo.