Data Processing Agreement (DPA)
Last Updated: 01.01.2026
This Data Processing Agreement (“DPA”) forms part of the main Terms & Conditions between MVP HOUSE LTD
(“Processor”, “we”, “us”, “our”) and the customer (“Controller”, “you”, “your”) when we process personal data on
your behalf in connection with the Services.
1. Definitions
-
“Data Protection Laws” means UK GDPR, EU GDPR (where applicable), the Data Protection Act 2018,
and any other applicable data protection legislation.
-
“Personal Data” means any information relating to an identified or identifiable natural person as
defined under Data Protection Laws.
-
“Processing” means any operation performed on Personal Data, including collection, storage, use,
disclosure, and deletion.
-
“Controller” means the entity that determines the purposes and means of the Processing of Personal
Data.
-
“Processor” means the entity that Processes Personal Data on behalf of the Controller.
-
“Subprocessor” means any third party engaged by the Processor to Process Personal Data on behalf of
the Controller.
2. Roles of the Parties
For data subject Personal Data provided by you or generated through your use of the Services:
- You are the Controller.
- MVP HOUSE LTD is the Processor.
- Approved third parties listed in the Subprocessors List are Subprocessors.
3. Subject Matter and Duration
The subject matter of this DPA is the Processing of Personal Data by MVP HOUSE LTD on your behalf in connection with providing the Services.
The duration of Processing shall be the same as the duration of your use of the Services, unless otherwise required by law or agreed in writing.
4. Nature and Purpose of Processing
We Process Personal Data solely for the following purposes:
- Providing, maintaining, and improving the Services.
- Authenticating users and securing accounts.
- Operating AI-powered features and tools as requested by you.
- Providing customer support and technical assistance.
- Preventing fraud, abuse, and security incidents.
- Complying with legal obligations.
5. Categories of Data Subjects and Data
5.1 Categories of Data Subjects
- Your end users and customers.
- Employees, contractors, or agents using the Services.
5.2 Categories of Personal Data
- Identification data (e.g., name, email address).
- Account and login information.
- Usage and activity logs.
- AI prompts and outputs, where identifiable.
- Communication data related to support interactions.
No special category data is intentionally required or requested. You agree not to submit special category data unless explicitly agreed in writing.
6. Controller Responsibilities
As Controller, you are responsible for:
- Ensuring a valid legal basis for Processing Personal Data.
- Providing accurate and lawful instructions to us as Processor.
- Complying with all applicable Data Protection Laws.
7. Processor Obligations
We shall:
- Process Personal Data only on documented instructions from you, including with regard to transfers to a third country, unless required by law.
- Ensure that persons authorized to Process Personal Data are under appropriate confidentiality obligations.
- Implement appropriate technical and organisational measures to protect Personal Data, as described in our Security Policy.
- Assist you, insofar as possible, with fulfilling your obligations to respond to data subject requests.
- Assist you with data protection impact assessments where reasonably required.
- Notify you without undue delay after becoming aware of a Personal Data breach.
8. Subprocessors
You authorise us to engage Subprocessors to Process Personal Data on your behalf. A current list of Subprocessors is maintained in our Subprocessors List.
We will:
- Ensure Subprocessors are bound by data protection obligations no less protective than those in this DPA.
- Remain responsible for the actions and omissions of Subprocessors.
9. International Data Transfers
Where Personal Data is transferred outside the UK or EEA, we shall ensure that such transfers comply with Data Protection Laws, including by using:
- Standard Contractual Clauses (SCCs); and/or
- The UK International Data Transfer Addendum, where applicable.
10. Security Measures
We maintain appropriate technical and organisational security measures to protect Personal Data, including but not limited to:
- Encryption in transit (TLS/HTTPS).
- Access controls and authentication.
- Network and application security safeguards.
- Regular backups and disaster recovery procedures.
Further details can be found in our Security Policy.
11. Personal Data Breach Notification
In the event of a Personal Data breach affecting Personal Data we Process on your behalf, we will notify you without undue delay after becoming aware of the breach and provide information reasonably required for you to meet your own legal obligations.
12. Data Subject Requests
If we receive a request directly from a data subject relating to Personal Data that we Process on your behalf, we will, where reasonably possible, forward the request to you. We shall not respond to such requests except on your documented instructions or as required by law.
13. Data Retention and Deletion
Upon termination of the Services, we will delete or anonymise Personal Data Processed on your behalf within a reasonable timeframe, unless retention is required by law.
Where deletion is not technically feasible, we will apply effective protection and limit further Processing.
14. Audits and Compliance
Upon reasonable request, we will provide information necessary to demonstrate our compliance with this DPA and Data Protection Laws.
Formal audits may be conducted under mutually agreed terms and conditions, without unreasonable disruption to our operations.
15. Liability
Liability under this DPA is subject to the limitations set out in the main Terms & Conditions. Nothing in this DPA limits either party’s liability in relation to data protection breaches where such limitation is not permitted by law.
16. Priority
In the event of a conflict between this DPA and the main Terms & Conditions, this DPA shall prevail with respect to data protection matters.
17. Contact
For any questions about this DPA or data protection, please contact:
Email: [email protected]