📘 Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the contract between ORIELO ("Processor") and the Client ("Controller") for the provision of software engineering consultancy services.

2. Definitions

Terms used in this DPA shall have the meanings set out in the UK GDPR and Data Protection Act 2018.

3. Scope and Purpose

ORIELO will process personal data on behalf of the Client only for the purposes of providing the agreed services and in accordance with the Client's documented instructions.

4. Processor Obligations

ORIELO shall:

• Process personal data only on documented instructions from the Controller.
• Ensure that persons authorized to process personal data are subject to confidentiality obligations.
• Implement appropriate technical and organizational measures to ensure data security.
• Assist the Controller in responding to data subject requests.
• Notify the Controller without undue delay of any personal data breach.
• Delete or return all personal data to the Controller upon termination of services.

5. Sub-Processors

ORIELO may engage sub-processors to assist in providing services. The Controller will be informed of any intended changes concerning the addition or replacement of sub-processors.

6. Data Security

ORIELO implements industry-standard security measures including encryption, access controls, and regular security assessments to protect personal data.

7. Data Transfers

Any transfer of personal data outside the UK will be conducted in accordance with UK GDPR requirements, including appropriate safeguards.

8. Audit Rights

The Controller has the right to audit ORIELO's compliance with this DPA, subject to reasonable notice and confidentiality obligations.

9. Liability and Indemnity

Each party's liability under this DPA shall be subject to the limitations set out in the main service agreement.

10. Contact