Data Processing Addendum (DPA)

MaisonRMI data protection terms aligning with GDPR, UK GDPR, and international transfer requirements.

Version
1.1.0
Published
May 20, 2024
Last Updated
Sep 01, 2025
Owner
Privacy Office
Source PDF
View document

Scope

Attach the DPA whenever MaisonRMI processes personal data on behalf of a customer. It is mandatory for SaaS deals, pilot programs, and professional services engagements involving personal information.

Highlights

  • Subprocessors: Current list maintained in Appendix B with notification requirement 30 days prior to changes.
  • Security Measures: References the IT Security & Operations Policy and includes technical/organisational controls.
  • Breach Notification: MaisonRMI commits to notify within 24 hours of confirming a security incident.
  • Audit Rights: Customers may request evidence of controls annually; on-site audits require 30 days notice.
  • International Transfers: Incorporates EU Standard Contractual Clauses and UK International Data Transfer Addendum.

Implementation Notes

  1. Confirm the customer entity and jurisdiction to select the correct SCC module.
  2. Update Annex I with data categories and processing purposes provided by the commercial team.
  3. Coordinate with Security Operations for customer questionnaires or evidence packs.

Email [email protected] for bespoke data processing clauses or government-specific compliance requirements.

Source Documents