This Data Processing Addendum ("DPA") supplements the Terms of Service ("TOS") between you ("Customer") and Jarvis Technology Services Ltd t/a Jarvis Cloud X ("Company"). It governs the Processing of Personal Data in connection with the Services.

1. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation on Personal Data.
• Controller: The entity that determines the purposes and means of Processing.
• Processor: The entity that Processes Personal Data on behalf of the Controller.
• Sub-Processor: A third party engaged by the Processor.
• Data Subject: The individual whose Personal Data is Processed.
• Data Protection Laws: UK GDPR, Data Protection Act 2018 and any other applicable law.
• Standard Contractual Clauses: EU Commission’s and UK ICO’s approved clauses for international transfers.

2. Subject Matter, Duration, Nature & Purpose

• Subject matter: Processing of Customer data in connection with Services (e.g. eSIM, hosting, VPN, SMTP, domain registration).
• Duration: For the term of the Services plus any required legal retention period.
• Nature & Purpose: To enable delivery, support, improvement and security of the Services as defined in the TOS.

3. Categories of Data & Data Subjects

• Personal Data: Names; contact details; IP address; device identifiers (IMSI/IMEI); billing/payment data; usage/log data.
• Data Subjects: Customers, end-users, employees/agents of the Customer, and job applicants (where applicable).

4. Controller Obligations

• Ensure instructions comply with Data Protection Laws.
• Provide required notices and obtain consents.
• Respond to Data Subject requests and direct them to the Processor when applicable.
• Ensure Personal Data is accurate and lawfully collected.

5. Processor Obligations

• Process Personal Data only on documented instructions.
• Ensure personnel are subject to confidentiality.
• Maintain appropriate technical and organisational safeguards (see Annex 1).
• Notify Customer within 24 hours of any Personal Data breach.
• Assist with Data Subject requests, impact assessments, and audits.
• Delete or return data after service termination unless required by law.

6. Sub-Processors

• Customer authorises use of Sub-Processors listed in Annex 2.
• Company shall notify Customer of intended changes with 14 days to object.
• Company remains liable for Sub-Processor actions.

7. International Transfers

• Transfers outside UK/EEA are governed by SCCs or equivalent legal safeguards.
• Executed SCCs are available at: jarviscloudx.com/legal/sccs

8. Data Subject Rights

• Company will notify Customer of Data Subject requests without undue delay.
• Company will not respond directly unless authorised.

9. Security & Audit Rights

• Security measures are detailed in Annex 1.
• Customer may audit once per year with 30 days' notice via:
  • Review of third-party audit reports (e.g., SOC 2, ISO 27001).
  • On-site audit at Customer’s expense.

10. Liability & Indemnification

• Liability subject to TOS limitations.
• Each party indemnifies the other for breach of this DPA or Data Protection Law.

11. Governing Law & Miscellaneous

• This DPA is governed by English law.
• If any clause is invalid, the rest remain effective.
• Amendments must be in writing and agreed by both parties.

12. Contact Information

Jarvis Technology Services Ltd t/a Jarvis Cloud X
Company No. 14857666
124 City Road, London, England, EC1V 2NX
Email: [email protected] | [email protected] | [email protected]

Annex 1: Technical & Organisational Measures

• Access control (role-based, MFA)
• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Patch management & vulnerability scanning
• Secure backups & disaster recovery
• Data centre physical security
• Incident response & breach monitoring

Annex 2: Authorised Sub-Processors

Annex 3: Standard Contractual Clauses

This DPA incorporates the EU Commission’s and UK ICO’s Standard Contractual Clauses for transfers of Personal Data to processors located outside the UK/EEA. The current SCC documents are available at:
https://jarviscloudx.com/legal/sccs