Data Processing Addendum

1. Introduction

This Data Processing Addendum ("DPA") forms part of the Terms of Service betweenAdmirate AS ("Processor") and you ("Controller") for the use of our services.

This DPA reflects the parties' agreement regarding the processing of Personal Data in accordance with GDPR and other applicable data protection laws.

2. Roles

• You are the Data Controller
• We are the Data Processor acting on your behalf

3. Processor Obligations

We shall:

• Process Personal Data only on your documented instructions
• Ensure persons processing data are bound by confidentiality
• Implement appropriate technical and organizational security measures
• Not engage subprocessors without your authorization (see Subprocessors)
• Assist you in responding to Data Subject requests
• Delete or return all Personal Data upon termination
• Make available information for compliance audits

4. Security Measures

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Incident response procedures

5. Security Incidents

We shall notify you within 48 hours of becoming aware of a security incident affecting your Personal Data.

6. International Transfers

Personal Data may be transferred outside the EEA. We ensure compliance through:

• Standard Contractual Clauses (SCCs)
• Transfers to countries with adequacy decisions
• Other valid GDPR transfer mechanisms

7. Full DPA

For the complete Data Processing Addendum including all annexes, visit getplatform.co/legal/dpa

8. Contact

Data Protection Officer: dpo@getplatform.co