Data Processing Addendum (DPA)

Last updated: 01/12/2025
This Data Processing Addendum (“DPA”) forms part of the agreement between Clariqua Ltd (“Controller”) and its service providers (“Processor”) regarding the processing of personal data according to GDPR.

1. Definitions

  • “Personal Data”: Any information relating to an identifiable individual.
  • “Processing”: Any operation performed on personal data.
  • “Controller”: Clariqua Ltd
  • “Processor”: Any third-party service provider handling data on behalf of Clariqua Ltd.
  • “Applicable Law”: UK GDPR, EU GDPR, and relevant data protection laws.

2. Purpose of Processing

The Processor may only process Personal Data for:

  • Order fulfilment
  • Payment processing
  • Customer support
  • Website hosting & analytics
  • Marketing services (as authorised)

Processing may only occur as instructed by Clariqua Ltd.

3. Data Types

The Processor may handle:

  • Names
  • Email addresses
  • Delivery and billing addresses
  • Order history
  • Website usage data
  • Payment information (if not handled entirely by secure third parties)

4. Processor Obligations

The Processor agrees to:

  • Process data only on documented instructions
  • Maintain confidentiality
  • Implement adequate security measures
  • Notify the Controller of data breaches within 48 hours
  • Assist with data subject rights requests
  • Delete or return data after contract termination
  • Allow audits when reasonably requested

5. International Transfers

Processors may not transfer data outside the UK/EU without:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decision
  • Appropriate safeguards

6. Sub-Processors

Processors must obtain written authorisation before engaging sub-processors and remain responsible for their compliance.

7. Security Measures

Processors must implement:

  • Encryption
  • Access controls
  • Secure data storage
  • Regular vulnerability assessments

8. Data Subject Rights

The Processor shall assist the Controller in responding to:

  • Access requests
  • Correction
  • Deletion
  • Objection
  • Portability
  • Complaint handling

9. Termination

Upon termination of services, the Processor must:

  • Return all personal data OR
  • Permanently delete it
    unless otherwise required by law.

10. Governing Law

This DPA is governed by the laws of England & Wales 

At Clariqua, we give you the tools to unlock your best - physically and mentally.