Data Processing Addendum (DPA)

Standard terms governing Cortexta’s processing of Customer Personal Data.

Scope and roles

This DPA forms part of the Agreement between Cortexta (Processor) and the Customer (Controller) and applies to the extent Cortexta processes Customer Personal Data on behalf of Customer.

Processing details

  • Subject matter: Provision of the Cortexta services.
  • Duration: For the term of the Agreement and as otherwise required by law.
  • Nature and purpose: Hosting, storage, analysis, and delivery of productivity features.
  • Categories of data: As specified in the Privacy Policy.
  • Data subjects: Customer’s end users and personnel.

Processor obligations

  • Process data only on documented instructions from Customer.
  • Ensure personnel confidentiality and train staff on data protection.
  • Implement appropriate technical and organizational measures (TOMs).
  • Assist with data subject requests and DPIAs where appropriate.
  • Notify Customer of data breaches without undue delay.

Sub‑processing

Customer authorizes Cortexta to engage sub‑processors. Cortexta will impose data protection obligations on sub‑processors and remains responsible for their performance. Current sub‑processors are listed on our Sub‑processors page.

International transfers

Where applicable, the parties incorporate the EU Standard Contractual Clauses (SCCs) (Module 2) and the UK International Data Transfer Addendum. Additional technical measures will be applied to protect data transfers.

Audits and certifications

Upon request and subject to confidentiality, Cortexta will make available information necessary to demonstrate compliance and allow for audits by Customer or an appointed auditor.

Return and deletion

Upon termination or expiration, Cortexta will delete or return Customer Personal Data, unless retention is required by law.

Liability and indemnity

Liability is governed by the Agreement. Each party shall be responsible for its compliance with applicable data protection laws.

Miscellaneous

If there is a conflict between this DPA and the Agreement, this DPA shall prevail with respect to data protection obligations.