Data Processing Agreement

Introduction

This Data Processing Agreement (DPA) forms part of the contract between Natta and you (the "Customer") for the use of our services. This DPA reflects the parties' agreement regarding the processing of personal data in accordance with GDPR requirements.

Definitions

For the purposes of this DPA:

• •Personal Data means any information relating to an identified or identifiable natural person
• •Processing means any operation performed on personal data
• •Data Controller means the Customer who determines the purposes and means of processing
• •Data Processor means Natta, which processes personal data on behalf of the Controller

Processing of Personal Data

Natta shall:

• •Process personal data only on documented instructions from the Customer
• •Ensure that persons authorised to process personal data are committed to confidentiality
• •Implement appropriate technical and organisational measures to ensure security
• •Assist the Customer in responding to data subject rights requests

Security Measures

We implement appropriate technical and organisational measures including:

• •Encryption of personal data in transit and at rest
• •Regular security assessments and penetration testing
• •Access controls and authentication mechanisms
• •Incident response and breach notification procedures

Sub-processors

Natta may engage sub-processors to assist in providing the services. We maintain a list of approved sub-processors and will notify the Customer of any changes, allowing the Customer to object to such changes.

Data Subject Rights

Natta will assist the Customer in responding to requests from data subjects exercising their rights under GDPR, including rights to access, rectification, erasure, restriction, data portability, and objection.