Data Processing Agreement

This Data Processing Agreement applies where we process personal data on your behalf in the course of providing Maya OS. For such data, you act as the controller and we act as the processor, each fulfilling the obligations the GDPR assigns to those roles.

We process personal data only on your documented instructions, including with respect to international transfers, unless required to do otherwise by law — in which case we will inform you before processing, where legally permitted.

We ensure that personnel authorized to process personal data are bound by appropriate confidentiality commitments and are trained on their data protection responsibilities before being granted access.

We implement and maintain technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, network segmentation, logging, and regular testing of the effectiveness of those measures.

You provide general authorization for us to engage subprocessors, subject to written terms that impose data protection obligations no less protective than those in this agreement. We maintain a current list and will give notice of intended additions or replacements.

Taking into account the nature of processing, we assist you with appropriate measures to fulfil data subject requests and to meet your obligations regarding security, breach notification, impact assessments, and consultation with supervisory authorities.

Upon termination of the services, we will, at your choice, delete or return all personal data and delete existing copies unless retention is required by applicable law. We notify you without undue delay upon becoming aware of a personal data breach.