Data Processing Agreement

Provided to active Customers on request

The Kiseki Data Processing Agreement (DPA) is a contractual document for B2B Customers in jurisdictions requiring a DPA under GDPR Article 28, the UK GDPR, or equivalent regimes.

It defines the controller / processor relationship between the Customer and Kiseki, the Standard Contractual Clauses for international transfers, sub-processor handling, audit rights, and breach notification timelines.

How to request the DPA

To receive the current Kiseki DPA, email [email protected] from the email address registered to your Kiseki account. Include:

• Your Customer account ID or registered email;
• Legal entity name that will be Controller under the DPA;
• Jurisdiction (so the correct module of the Standard Contractual Clauses is included).

The DPA is sent within 5 business days. By default, the version in force at the time of request applies; an executed copy can be returned by counter-signing.

What the DPA covers

• Subject matter, duration, nature, and purpose of processing;
• Categories of Data Subjects and Personal Data;
• Controller and Processor obligations under GDPR Art. 28(3);
• Sub-processor authorization and 30-day change notification;
• International transfer mechanisms (SCCs, UK Addendum, adequacy decisions);
• Technical and Organizational Measures (Annex II);
• Audit rights, breach notification, liability allocation.

Related documents

• Privacy Policy — public summary of data handling;
• Terms of Service — the master agreement that the DPA forms part of.