[{"data":1,"prerenderedAt":4},["ShallowReactive",2],{"legal-document:https://legal.efficientether.co.uk/data-processing-agreement.html":3},"\u003Cdiv class=\"space-y-6 text-gray-300\">\n \u003Ch1 class=\"text-3xl font-semibold text-white\">Data Processing Agreement\u003C/h1>\n \u003Cp>\u003Cstrong>Last revised:\u003C/strong> 23 April 2026\u003C/p>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">1. Scope\u003C/h2>\n \u003Cp>\n This Data Processing Agreement (the \u003Cstrong>DPA\u003C/strong>) forms part of the SaaS Terms between\n EfficientEther Ltd (the \u003Cstrong>Processor\u003C/strong>) and the customer (the \u003Cstrong>Controller\u003C/strong>)\n and applies whenever EfficientEther processes personal data on behalf of the customer in connection\n with the EfficientEther platform.\n \u003C/p>\n \u003Cp>\n Where a signed DPA executed between the parties exists, that document takes precedence over this online version.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">2. Definitions\u003C/h2>\n \u003Cp>\n Terms including \u003Cem>Personal Data\u003C/em>, \u003Cem>Processing\u003C/em>, \u003Cem>Data Subject\u003C/em>, \u003Cem>Controller\u003C/em>,\n \u003Cem>Processor\u003C/em>, and \u003Cem>Sub-Processor\u003C/em> carry the meaning given in UK GDPR and EU GDPR.\n \u003Cem>Applicable Data Protection Laws\u003C/em> means UK GDPR, the UK Data Protection Act 2018, and, where the customer is\n subject to it, EU GDPR.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">3. Processing Details\u003C/h2>\n \u003Cdiv class=\"overflow-x-auto\">\n \u003Ctable class=\"min-w-full border border-gray-700 text-sm\">\n \u003Cthead>\n \u003Ctr class=\"bg-gray-800 text-left text-white\">\n \u003Cth class=\"border border-gray-700 px-3 py-2\">Item\u003C/th>\n \u003Cth class=\"border border-gray-700 px-3 py-2\">Detail\u003C/th>\n \u003C/tr>\n \u003C/thead>\n \u003Ctbody>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Subject matter\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Provision of the EfficientEther platform and associated services to the customer.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Duration\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">For the term of the subscription agreement plus any data retention period required for service continuity, audit, or legal purposes.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Nature and purpose\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Collection, storage, analysis, transmission, and deletion of personal data strictly to deliver the contracted service.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Categories of data subjects\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Customer personnel, end users, and authorised administrators who interact with the platform.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Categories of personal data\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Account identifiers, business contact details, authentication metadata, service usage logs, and any personal data the customer chooses to upload into the platform in line with the subscription agreement.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Special category data\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Not required by the service. Customers must not upload special category data unless explicitly agreed in writing in advance.\u003C/td>\n \u003C/tr>\n \u003C/tbody>\n \u003C/table>\n \u003C/div>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">4. Customer Instructions\u003C/h2>\n \u003Cp>\n EfficientEther processes personal data only on documented instructions from the customer, including the instructions\n set out in the subscription agreement and any subsequent written instructions. EfficientEther will notify the customer\n if, in its opinion, an instruction conflicts with applicable data protection law.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">5. Confidentiality and Personnel\u003C/h2>\n \u003Cp>\n Personnel authorised to process personal data are bound by written confidentiality obligations or are under appropriate\n statutory duties of confidentiality, and are trained on their data protection responsibilities.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">6. Security Measures\u003C/h2>\n \u003Cp>\n EfficientEther implements and maintains appropriate technical and organisational measures consistent with ISO/IEC 27001\n and ISO/IEC 42001 certifications and Cyber Essentials accreditation, including:\n \u003C/p>\n \u003Cul class=\"list-disc list-inside space-y-1\">\n \u003Cli>Role-based access control with least-privilege defaults and regular access review.\u003C/li>\n \u003Cli>Encryption of personal data in transit and at rest.\u003C/li>\n \u003Cli>Network segmentation, vulnerability management, and dependency patching.\u003C/li>\n \u003Cli>Centralised logging, alerting, and documented incident response.\u003C/li>\n \u003Cli>Backup coverage with defined recovery time and recovery point objectives.\u003C/li>\n \u003Cli>Annual penetration testing and continuous internal audit.\u003C/li>\n \u003C/ul>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">7. Partner Tiers and Data Visibility\u003C/h2>\n \u003Cp>\n The EfficientEther platform supports a tiered partner model so customers who buy via a reseller or distributor benefit\n from the same data protection chain as customers who contract with EfficientEther directly.\n \u003C/p>\n \u003Cdiv class=\"overflow-x-auto\">\n \u003Ctable class=\"min-w-full border border-gray-700 text-sm\">\n \u003Cthead>\n \u003Ctr class=\"bg-gray-800 text-left text-white\">\n \u003Cth class=\"border border-gray-700 px-3 py-2\">Party\u003C/th>\n \u003Cth class=\"border border-gray-700 px-3 py-2\">Role\u003C/th>\n \u003Cth class=\"border border-gray-700 px-3 py-2\">Data Visibility\u003C/th>\n \u003C/tr>\n \u003C/thead>\n \u003Ctbody>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>End customer\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Controller\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Full visibility of its own tenant and personnel data.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Reseller partner\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Processor for the end customer, controller of its own customer and commercial records.\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">End customer records the reseller itself onboards; own commercial records.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>Distributor\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Controller of its own reseller records. Becomes a processor for end customer personal data only if explicitly scoped in writing.\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Reseller partner records; no end customer personal data by default.\u003C/td>\n \u003C/tr>\n \u003Ctr>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">\u003Cstrong>EfficientEther\u003C/strong>\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Processor or sub-processor acting on the instructions of the contracting party.\u003C/td>\n \u003Ctd class=\"border border-gray-700 px-3 py-2\">Only as required to provide the service.\u003C/td>\n \u003C/tr>\n \u003C/tbody>\n \u003C/table>\n \u003C/div>\n \u003Cp>\n Role-based access controls enforce these boundaries in the partner portal and access changes are logged. Where a customer\n contracts through a reseller, EfficientEther's data protection obligations flow down through back-to-back partner terms.\n Notifications required under this DPA (including sub-processor changes and personal data breaches) are made to the party\n EfficientEther contracts with, who is responsible for onward notification under its own agreement with the end customer.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">8. Sub-processors\u003C/h2>\n \u003Cp>\n The customer provides general written authorisation for EfficientEther to engage sub-processors to deliver the service,\n subject to the safeguards in this DPA. The current list is published at\n \u003Ca href=\"https://legal.efficientether.co.uk/sub-processors.html\" class=\"text-blue-400 hover:text-blue-300\">legal.efficientether.co.uk/sub-processors.html\u003C/a>\n and mirrored at\n \u003Ca href=\"https://www.efficientether.co.uk/sub-processors\" class=\"text-blue-400 hover:text-blue-300\">efficientether.co.uk/sub-processors\u003C/a>.\n \u003C/p>\n \u003Cp>\n EfficientEther notifies customers of intended additions or replacements of sub-processors at least 30 days in advance,\n unless a shorter period is required to address a risk to personal data. The customer may object to a material change by\n giving written notice within the notice period; if the parties cannot resolve the objection, the customer may terminate\n the affected service.\n \u003C/p>\n \u003Cp>\n Each sub-processor is bound by written terms that impose data protection obligations no less protective than those in this DPA.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">9. International Transfers\u003C/h2>\n \u003Cp>\n Where personal data is transferred outside the UK or EEA, EfficientEther relies on an appropriate transfer mechanism under\n UK GDPR and EU GDPR, including the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or an\n adequacy decision (including the UK Extension to the EU-US Data Privacy Framework, where applicable).\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">10. Data Subject Rights\u003C/h2>\n \u003Cp>\n EfficientEther provides reasonable assistance to the customer, taking into account the nature of the processing, to respond\n to data subject requests for access, rectification, erasure, restriction, objection, and portability. Where the customer cannot\n action a request through self-service tooling, EfficientEther supports on request.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">11. Breach Notification\u003C/h2>\n \u003Cp>\n EfficientEther notifies the customer without undue delay, and in any event within 72 hours, of becoming aware of a personal\n data breach affecting customer personal data, including sufficient information to allow the customer to meet its own\n notification obligations.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">12. Audits\u003C/h2>\n \u003Cp>\n EfficientEther makes available to the customer all information reasonably necessary to demonstrate compliance with this DPA,\n including ISO 27001, ISO 42001, and Cyber Essentials certificates and audit summaries. Customers with a reasonable requirement\n beyond the standard evidence pack may request a scoped audit by written arrangement, subject to confidentiality and reasonable\n cost recovery.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">13. Return and Deletion\u003C/h2>\n \u003Cp>\n At the customer's choice, and on termination of the service, EfficientEther returns or deletes customer personal data, except\n where retention is required by law, for legitimate service-continuity purposes, or for dispute resolution, in which case the\n data remains subject to the confidentiality and security obligations in this DPA.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">14. Liability and Precedence\u003C/h2>\n \u003Cp>\n Liability under this DPA is subject to the limitations and exclusions set out in the subscription agreement. In the event of\n conflict, this DPA prevails over the subscription agreement solely in respect of data protection matters.\n \u003C/p>\n \u003C/section>\n\n \u003Csection class=\"space-y-3\">\n \u003Ch2 class=\"text-xl font-semibold text-white\">15. Contact\u003C/h2>\n \u003Cp>\n Customers requiring a signed counterpart, a jurisdiction-specific addendum, or additional security documentation should email\n \u003Ca href=\"mailto:privacy@efficientether.co.uk\" class=\"text-blue-400 hover:text-blue-300\">privacy@efficientether.co.uk\u003C/a>\n or open a security enquiry via\n \u003Ca href=\"https://www.efficientether.co.uk/contact?interest=security\" class=\"text-blue-400 hover:text-blue-300\">efficientether.co.uk/contact\u003C/a>.\n \u003C/p>\n \u003Cp>\n Data controller: \u003Cstrong>EfficientEther Ltd\u003C/strong> (Company Number \u003Cstrong>14951957\u003C/strong>, VAT \u003Cstrong>GB455180788\u003C/strong>),\n registered in England and Wales. Registered office: \u003Cstrong>86-90 Paul Street, London, England, EC2A 4NE\u003C/strong>.\n \u003C/p>\n \u003C/section>\n\u003C/div>\n",1778883027224]