Data Processing Addendum (DPA)

This DPA forms part of the agreement between LYT BROX PTE LTD ("Processor") and the client ("Controller"). Capitalised terms follow PDPA/GDPR usage where applicable.

1. Subject Matter & Duration

Processor processes personal data solely to provide the contracted services, for the term of the Agreement.

2. Nature & Purpose

• Quotation generation, database lookups, integrations, hosting, support.

3. Types of Data & Data Subjects

• Customer contact data, business contact data, operational data included in price lists/quotations.
• Data subjects include client personnel and their customers.

4. Processor Obligations

• Process only on documented instructions from Controller.
• Implement appropriate technical and organisational measures.
• Ensure confidentiality and least-privilege access.
• Assist Controller with PDPA/GDPR requests, security incidents, and DPIAs as reasonably possible.
• Delete or return personal data within 30 days of termination, unless law requires retention.

5. Sub-processors

Controller authorises Processor to engage sub-processors (e.g., Google Cloud, Render, Airtable, Meta platforms, Stripe, Voiceflow) for service provision. Processor will maintain a list on request and ensure contractual safeguards.

6. International Transfers

Transfers may occur subject to appropriate safeguards and compliance with applicable laws.

7. Audit

Upon reasonable notice, Processor will provide information necessary to demonstrate compliance with this DPA.

8. Liability

Liability is limited as set out in the Agreement's limitation of liability.

Contact: sales@lytbrox.com