Back to Legal
Data Processing Agreement
Cyber Horizon Intelligence Ltd
Effective Date: 29 March 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Cyber Horizon Intelligence Ltd ("Processor") and Customer ("Controller").
1. Definitions
- Controller: The entity that determines the purposes and means of processing Personal Data
- Processor: The entity that processes Personal Data on behalf of the Controller
- Personal Data: As defined under UK GDPR and EU GDPR
- Subprocessor: A third party engaged by the Processor to process Personal Data
2. Scope and Roles
The Controller appoints the Processor to process Personal Data solely for the purpose of providing the Service. The Processor shall process Personal Data only on documented instructions from the Controller.
3. Nature and Purpose of Processing
- Nature: Collection, storage, organisation, analysis, retrieval, and deletion
- Purpose: Provision of cybersecurity, compliance, and analytics services
- Categories of Personal Data: Names, email addresses, account data, technical identifiers (IP, logs), any data uploaded by the Customer
4. Security Measures
- Encryption in transit and at rest
- Access controls (RBAC) and multi-factor authentication
- Logging and monitoring
- Vulnerability management
- Incident response procedures aligned with ISO 27001
5–16. Additional Provisions
- Subprocessors: Authorised with equivalent obligations; list available on request.
- International Transfers: Appropriate safeguards including SCCs and UK IDTA.
- Data Subject Rights: Processor assists Controller in responding to access, rectification, and erasure requests.
- Data Breach: Notification without undue delay upon becoming aware of a breach.
- Audits: Information available to demonstrate compliance; may be satisfied through third-party certifications.
- Retention: Personal Data deleted or returned upon termination.
- Governing Law: England and Wales.