Data Processing Addendum (DPA) for SaaS Application

This Data Processing Addendum ("DPA") is entered into between Sales Magnet Holdings Ltd (hereinafter referred to as the "Data Controller") and Sales Magnet Business (hereinafter referred to as the "Data Processor") as of April 1, 2024.

1. Definitions

1.1 "Data Controller" shall have the meaning set forth in the General Data Protection Regulation ("GDPR").

1.2 "Data Processor" shall have the meaning set forth in the GDPR.

1.3 "Data Subject" shall have the meaning set forth in the GDPR.

1.4 "Personal Data" shall have the meaning set forth in the GDPR and shall include any Personal Data processed by the Data Processor on behalf of the Data Controller pursuant to this DPA.

1.5 "Processing" shall have the meaning set forth in the GDPR and shall include any operation or set of operations which is performed on Personal Data.

2. Purpose

The purpose of this DPA is to ensure that the Data Processor processes Personal Data on behalf of the Data Controller in compliance with applicable data protection laws, including but not limited to the GDPR.

3. Data Processing

3.1 Nature of Processing: The Data Processor shall process Personal Data on behalf of the Data Controller for the purposes of providing the Software as a Service (SaaS) application and related services to the Data Controller and its authorized users.

3.2 Duration of Processing: The Data Processor shall process Personal Data for the duration of the Agreement between the Data Controller and the Data Processor and in accordance with the instructions provided by the Data Controller.

3.3 Types of Personal Data: The types of Personal Data to be processed by the Data Processor may include, but are not limited to, user account information, contact details, and any other data provided or generated in connection with the use of the SaaS application.

3.4 Categories of Data Subjects: The categories of Data Subjects whose Personal Data may be processed by the Data Processor may include, but are not limited to, authorized users of the Data Controller's SaaS application.

4. Data Security

4.1 Security Measures: The Data Processor shall implement appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction, or damage.

4.2 Confidentiality: The Data Processor shall ensure that any person who is authorized to process the Personal Data agrees to maintain the confidentiality of such Personal Data.

5. Data Subject Rights

5.1 Assistance: The Data Processor shall provide reasonable assistance to the Data Controller in responding to requests from Data Subjects exercising their rights under the GDPR.

5.2 Data Breach Notification: In the event of a Personal Data breach, the Data Processor shall notify the Data Controller without undue delay after becoming aware of the breach.

6. Subprocessing

6.1 Authorization: The Data Processor shall not engage any third party to process the Personal Data without the prior written authorization of the Data Controller.

6.2 Obligations: In the event of engaging a subprocessor, the Data Processor shall impose data protection obligations on the subprocessor that are no less protective than those set out in this DPA.

7. Data Transfer

7.1 Restrictions: The Data Processor shall not transfer Personal Data outside the European Economic Area (EEA) without the prior written consent of the Data Controller.

7.2 Safeguards: If Personal Data is transferred outside the EEA, the Data Processor shall ensure that appropriate safeguards are in place, as required by applicable data protection laws.

8. Data Deletion

8.1 Deletion Upon Termination: Upon termination of the Agreement, the Data Processor shall, at the choice of the Data Controller, delete or return all Personal Data to the Data Controller, unless required by law to retain such Personal Data.

9. Governing Law

This DPA shall be governed by and construed in accordance with the laws of England and Wales.

10. Miscellaneous

10.1 Amendment: Any amendments or modifications to this DPA shall be made in writing and signed by both parties.

10.2 Entire Agreement: This DPA constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements and understandings, whether written or oral.

IN WITNESS WHEREOF, the parties hereto have caused this DPA to be executed by their duly authorized representatives as of April 1, 2024.