Data Processing Addendum (DPA)

Effective Date: [Insert Date] * Website: https://www.fileNXT.com

This Data Processing Addendum ("DPA") forms part of the fileNXT Terms of Service and applies where fileNXT processes personal data on behalf of a customer ("Customer").

1. Definitions

"Personal Data", "Processing", "Controller", "Processor", and "Data Subject" have the meanings given under UK GDPR and EU GDPR, where applicable.

2. Roles of the Parties

The Customer acts as the Data Controller for personal data collected or uploaded through fileNXT.

fileNXT acts as a Data Processor and processes personal data only on documented instructions from the Customer.

3. Subject Matter and Duration

fileNXT provides file request and file hosting services. Processing occurs for the duration of the Customer's use of the Service, including any retention period required by law or technical backups.

4. Nature and Purpose of Processing

Processing activities may include collection, storage, organisation, transmission, and deletion of files and associated metadata, solely to provide and secure the Service.

5. Categories of Data

Categories of personal data may include:

  • Contact information (e.g., name, email address)
  • Files and documents uploaded by data subjects
  • Metadata (timestamps, file size, IP address)

6. Processor Obligations

  • Process personal data only on documented instructions.
  • Ensure personnel are subject to confidentiality obligations.
  • Implement appropriate technical and organisational security measures.
  • Assist the Customer in responding to data subject requests where applicable.
  • Notify the Customer without undue delay after becoming aware of a personal data breach.
  • Delete or return personal data upon termination of the Service, unless legally required to retain it.

7. Security Measures

fileNXT implements security measures appropriate to the risk, including encrypted data transmission (HTTPS), access controls, infrastructure-level protections, and monitoring for unauthorised access.

8. Subprocessors

fileNXT may engage trusted subprocessors (e.g., hosting providers, payment processors) to provide infrastructure services.

fileNXT remains responsible for ensuring subprocessors are subject to appropriate contractual data protection obligations.

9. International Transfers

Where personal data is transferred outside the UK or EEA, fileNXT ensures appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent lawful mechanisms.

10. Audit Rights

Upon reasonable written request, fileNXT will provide information necessary to demonstrate compliance with this DPA. Any audit must be reasonable in scope and subject to confidentiality obligations.

11. Governing Law

This DPA is governed by the same law and jurisdiction specified in the fileNXT Terms of Service.

This DPA is provided for general informational purposes and should be reviewed for your specific legal and operational requirements.