Data Processing Addendum (DPA)

How we handle customer data in formal engagements, subject to the terms of a signed agreement.

What this is

For customers who require it, we may enter into a Data Processing Addendum that:

supplements a master services agreement or similar contract
specifies how we process personal data on your behalf
aligns responsibilities under applicable data protection laws

Typical contents

A DPA usually covers:

Roles: defining Morphed Tech as “processor” or “service provider” and the customer as “controller,” where relevant
Scope: categories of personal data, types of data subjects, and processing activities
Security: technical and organizational measures used to protect personal data
Sub‑processors: how we engage and manage third‑party providers
Data subject rights: assistance we provide to help you respond to rights requests
International transfers: how cross‑border transfers (if any) are handled in accordance with applicable law
Term and deletion: what happens to data at the end of the engagement

How to request a DPA

If your organization requires a DPA:

Let us know during the sales or contracting process.
We will provide a template or review your organization’s standard form.
Final terms will be agreed as part of the overall contract.

Relationship to this website

This page describes the concept of a DPA and how it typically fits into our engagements. It does not, by itself, constitute a binding DPA. Any binding terms will be contained in signed agreements between Morphed Tech and your organization.