Parties:

  • Controller: Client using Beztec’s services
  • Processor: Beztec Ltd, registered in England and Wales

1. Purpose

This DPA governs the processing of personal data by Beztec on behalf of the Controller in accordance with UK GDPR Article 28.

2. Nature of Processing

Beztec processes personal data to provide:

  • GDPR audit services
  • DPIA template generation
  • Website analytics and cookie consent management

3. Obligations of Beztec

  • Process data only on documented instructions
  • Implement appropriate technical and organizational measures
  • Ensure confidentiality and train staff
  • Assist with data subject rights requests
  • Notify Controller of any data breach within 24 hours

4. Subprocessors

Beztec uses subprocessors including:

  • Stripe (payments)

Controller will be notified of any changes to subprocessors.

5. Data Transfers

All data is stored within the UK or EEA. Any transfers outside will follow Standard Contractual Clauses.

6. Termination

Upon termination, Beztec will delete or return all personal data unless required by law to retain it.

7. Audit Rights

Controller may audit Beztec’s compliance with this DPA once per year with 30 days’ notice.

8. Governing Law

This agreement is governed by the laws of England and Wales.

Effective Date: 1 July 2019 – Last Updated: 5 August 2025