Data Processing Addendum (DPA)

Effective starting: August 24, 2025

Introduction

This Data Processing Addendum (“DPA”) forms part of the Suprim Customer Agreement and applies when Suprim processes Customer Data on behalf of Customer.

1. Roles of the Parties

Customer acts as Data Controller. Suprim acts as Data Processor.

2. Processing of Customer Data

Suprim processes data only as instructed by Customer. Processing is limited to providing products and services under the Agreement.

3. Security

Suprim implements reasonable technical and organizational measures to protect Customer Data against unauthorized access, loss, or disclosure.

4. Sub-processors

Suprim may use sub-processors (e.g., hosting providers). A current list can be requested at legal@suprimco.com.

5. Data Transfers

Where data is transferred outside the country of origin, Suprim ensures adequate protection through recognized legal mechanisms (such as Standard Contractual Clauses).

6. Assistance

Suprim will reasonably assist Customer with data subject requests and compliance obligations under GDPR, CCPA, or similar laws.

7. Deletion

At termination of services, Suprim will delete or return Customer Data as requested, unless retention is required by law.