This DPA applies where Zevion acts as a data processor on behalf of a Client (data controller).

1. Scope

Zevion will process personal data only:

• On documented instructions from the Client

• For the purpose of providing Services

2. Nature of Processing

Processing may include:

• Hosting applications

• Managing databases

• Developing systems that store personal data

• Technical support

3. Security

Zevion shall implement appropriate technical and organisational measures, including:

• Encryption where appropriate

• Access controls

• Secure hosting environments

• Regular system monitoring

4. Subprocessors

Zevion may use trusted third-party providers (e.g., cloud hosting providers).

Zevion remains responsible for ensuring compliance.

5. Data Subject Rights

Zevion shall assist the Client in responding to:

• Access requests

• Erasure requests

• Rectification requests

6. Data Breach

Zevion will notify the Client without undue delay after becoming aware of a personal data breach.

7. International Transfers

Transfers outside the UK will comply with UK GDPR safeguards.

8. Termination

Upon termination, personal data will be returned or securely deleted unless required by law.