Data Processing Addendum (DPA)
This Data Processing Addendum ("DPA") sets out the terms under which Enerzyz will process Personal Data on behalf of Customer in the provision of the Services. The DPA forms part of the Customer Agreement and reflects the parties’ commitments to comply with applicable data protection law.
1. Roles & Responsibilities
As between the parties, Customer is the data controller (or equivalent) and Enerzyz acts as a data processor (or equivalent) with respect to Customer Data. Enerzyz will process Customer Data only on documented instructions from Customer, including the Agreement and this DPA.
2. Processing Details
Types of data processed: contact, account, telemetry and event data; Categories of data subjects: Customer employees, contractors and end-users. Purposes: to provide, maintain and secure the Services, billing and support, and as otherwise instructed by Customer.
3. Subprocessors & Transfers
Enerzyz may engage subprocessors to perform processing activities on its behalf. Enerzyz maintains a list of current subprocessors and will notify Customer of additions. International transfers will be subject to appropriate safeguards such as Standard Contractual Clauses or other lawful mechanisms.
4. Security Measures
Enerzyz applies technical and organizational measures appropriate to the risk, including network segmentation, encryption in transit, role-based access control, logging, monitoring, vulnerability management and incident response procedures. Detailed security measures are available under NDA or by request for enterprise customers.
5. Incident Notification & Cooperation
Enerzyz will notify Customer without undue delay after becoming aware of a Personal Data breach affecting Customer Data, provide information about the incident, and reasonably cooperate with Customer’s investigation, remediation and regulatory reporting obligations.
6. Audits & Compliance
Upon reasonable notice and subject to confidentiality and security obligations, Enerzyz will provide information necessary to demonstrate compliance and permit audits or inspections under mutually agreed terms. Customers may rely on third-party audit reports (SOC2, ISO certification) where provided.
7. Termination & Data Return/Deletion
Upon termination or expiry of the Customer Agreement Enerzyz will, at Customer’s option, return or delete Customer Data in accordance with the Agreement. Enerzyz may retain anonymized or aggregated data that does not identify individuals.
8. Contact
For DPA, subprocessors or data protection inquiries: dpa@enerzyz.com.