Data Processing Addendum (DPA)
This DPA forms part of the agreement between Equitista and customer organizations for regulated personal data processing.
Controller and Processor Roles
Customer is controller and Equitista is processor for workspace personal data, unless otherwise specified in writing.
- Equitista processes data only on documented customer instructions.
- Customer remains responsible for lawful basis and data subject notice obligations.
- Both parties cooperate in good faith on data protection compliance.
Processor Obligations
Equitista applies technical and organizational controls and ensures personnel confidentiality.
- Access to personal data is restricted to personnel with legitimate operational need.
- Processing systems are monitored for security events and suspicious activity.
- Security controls are periodically reviewed against risk and service evolution.
Subprocessors
Subprocessors may be engaged for infrastructure and support under written data protection commitments.
- Equitista remains responsible for subprocessors' performance under this DPA.
- Material subprocessor changes are communicated through established notice channels.
- Customers may raise reasonable objections based on documented compliance concerns.
International Data Transfers
Cross-border transfers use appropriate safeguards, including contractual mechanisms where required.
- Standard Contractual Clauses or equivalent transfer safeguards apply where legally required.
- Transfer impact considerations are evaluated and updated as regulatory guidance evolves.
- Supplementary controls may be applied for high-risk transfer contexts.
Security Incident Notification
Equitista notifies customers without undue delay after confirming a personal data incident.
- Notifications include known scope, likely impact, and mitigation progress.
- Incident updates are provided as additional validated facts become available.
- Both parties cooperate on reasonable remediation and regulatory response obligations.
Deletion, Return, and Audit Support
On termination or request, personal data is deleted or returned subject to legal retention constraints.
- Deletion/return procedures follow customer instructions and contractual timelines.
- Equitista provides reasonable information to demonstrate compliance obligations.
- Audit requests are handled through mutually agreed scope and confidentiality safeguards.
Related legal documents
For legal questions, contact developers@equitista.com.