Data Processing Agreement

Controller: the customer entity that determines the purposes and means of processing personal data.

Processor: Fenec Labs S.L., processing personal data on behalf of the Controller.

Terms carry the meanings given in GDPR and applicable EU privacy law.

Fenec Labs processes personal data solely to provide on-premise workplace safety monitoring. Ordinary processing occurs on customer appliance hardware located at the customer's premises.

• Process personal data only on documented instructions.
• Ensure confidentiality for authorised personnel.
• Implement appropriate technical and organisational measures.
• Not engage subprocessors without the required consent.
• Assist with data subject rights and security obligations.
• Delete or return personal data at end of service.

TOMs will specify encryption, access control, audit logging, face redaction, retention, and deletion controls before pilot sign-off.

The on-premise product does not transmit customer personal data to subprocessors during normal operation. Website subprocessors are listed on the Subprocessors page.

Personal data processed on-appliance does not leave the EEA during normal operation. Website transfers are covered by applicable safeguards.

Audit procedure, notice period, scope, frequency, and cost allocation will be specified by counsel.