Data Processing Agreement

1. Scope and Purpose

This Data Processing Agreement (DPA) governs the processing of personal data by SecurePointAfrica as a data processor on behalf of our customers as data controllers.

2. Data Processing Activities

SecurePointAfrica processes personal data for the following purposes:

• Sanctions screening and compliance verification
• PEP (Politically Exposed Persons) screening
• Service delivery and support
• Billing and account management
• Security monitoring and fraud prevention

3. Categories of Personal Data

We process the following categories of personal data:

• Identity data (names, aliases, dates of birth)
• Contact data (email addresses, phone numbers)
• Document data (ID numbers, passport numbers)
• Location data (country codes, addresses)
• Technical data (IP addresses, user agents)

4. Data Security Measures

We implement comprehensive security measures to protect personal data:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

5. Data Subject Rights

We assist data controllers in fulfilling data subject rights:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object to processing

6. Data Retention

Personal data is retained in accordance with:

• Customer-specified retention periods (90 days to 5 years)
• Legal and regulatory requirements
• Legitimate business purposes
• Data minimization principles

7. Sub-processors

We may engage sub-processors to assist in service delivery. All sub-processors are bound by appropriate data protection agreements.

8. International Transfers

Personal data may be transferred internationally with appropriate safeguards, including:

• Adequacy decisions by relevant authorities
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

9. Data Breach Notification

In the event of a data breach, we will:

• Notify relevant supervisory authorities within 72 hours
• Inform affected data controllers without undue delay
• Provide detailed information about the breach
• Assist with breach response and mitigation

10. Compliance and Audits

We maintain compliance with applicable data protection laws and regulations. Customers may request audit reports and compliance certifications.

11. Contact Information

For DPA-related inquiries, please contact: