Data Processing Agreement (Addendum)

between Tech Eco Hub Ltd (“Processor” / “TEH”) and the Client (“Controller”)

1. Purpose and Scope

1.1 This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions (the “Agreement”) between TEH and the Client.
1.2 The DPA governs TEH’s processing of personal data on behalf of the Client in connection with the Services.
1.3 Both parties shall comply with their respective obligations under applicable data protection laws, including the UK GDPR and Data Protection Act 2018.

2. Roles of the Parties

2.1 The Client is the Data Controller and determines the purposes and means of processing.
2.2 TEH is the Data Processor and shall process personal data only on the documented instructions of the Client.

3. Processing Instructions

3.1 TEH shall process personal data only for the following purposes:
(a) providing sales enablement, lead generation, training, and related services under the Agreement;
(b) maintaining records of activity as required for compliance and billing;
(c) complying with legal obligations.

3.2 TEH shall not process personal data for its own purposes or for any third party without the Client’s prior written consent.

4. Categories of Data Subjects and Data

4.1 Categories of Data Subjects may include:

  • Client employees (sales teams, managers);

  • Prospective customers and leads;

  • Business partners or contacts engaged in lead generation activities.

4.2 Categories of Personal Data may include:

  • Contact details (name, job title, email, phone);

  • Company information;

  • Communication records;

  • Any additional data provided by the Client for lead generation purposes.

4.3 Special Category Data shall not be intentionally processed.

5. Confidentiality

5.1 TEH shall ensure that all personnel authorised to process personal data are subject to confidentiality obligations.
5.2 As an SAP Ecosystem Partner, TEH acknowledges that existing confidentiality and non-disclosure agreements with SAP remain binding and shall not be overridden by this DPA.

6. Security Measures

6.1 TEH shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including but not limited to:

  • where appropriate, encryption of data in transit and at rest;

  • access controls and authentication;

  • staff training on data protection.

7. Sub-Processors

7.1 TEH may engage sub-processors to deliver Services, provided that:
(a) the Client is notified in advance;
(b) the sub-processor is bound by data protection obligations no less stringent than those set out in this DPA;
(c) TEH remains fully liable for the acts and omissions of any sub-processor.

8. International Data Transfers

8.1 TEH shall not transfer personal data outside the UK or EEA unless:
(a) adequate safeguards are in place under Chapter V UK GDPR (e.g., adequacy decision, standard contractual clauses); and
(b) the Client has been notified in advance.

9. Data Subject Rights

9.1 TEH shall assist the Client in fulfilling data subject rights requests, including rights of access, rectification, erasure, restriction, portability, and objection.
9.2 TEH shall promptly notify the Client of any request received directly from a data subject and shall not respond without the Client’s written instruction.

10. Data Breach Notification

10.1 TEH shall notify the Client without undue delay (and within 48 hours where feasible) upon becoming aware of a personal data breach.
10.2 Such notice shall include all relevant details available at the time to enable the Client to comply with its reporting obligations to supervisory authorities and affected individuals.

11. Return or Deletion of Data

11.1 Upon termination of the Agreement, TEH shall, at the Client’s choice, either return or securely delete all personal data, unless retention is required by law.

12. Audit Rights

12.1 The Client shall have the right to request information demonstrating TEH’s compliance with this DPA.
12.2 Where reasonably necessary, the Client may conduct (or appoint a third party to conduct) audits, subject to reasonable notice and confidentiality restrictions.

13. Governing Law

13.1 This DPA shall be governed by and construed in accordance with the laws of England and Wales, and disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.