This Data Processing Addendum (“Addendum”) forms part of the agreement between Secure Target Limited (“Processor”) and the customer or client (“Controller”) who has engaged Secure Target to provide cybersecurity, advisory, or related professional services (“Services”).
This Addendum reflects the parties’ agreement on the processing of personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK GDPR, as applicable.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing”, “Controller”, “Processor”, and “Data Subject” have the meanings given in the GDPR.
“Applicable Data Protection Law” means all laws and regulations relating to the processing of personal data, including the GDPR.
The Controller determines the purpose and means of the processing of Personal Data.
The Processor processes Personal Data only on documented instructions from the Controller, except as required by law.
Secure Target processes Personal Data solely for the purpose of delivering cybersecurity advisory and related professional services, including:
Assessment and improvement of information security controls
Risk management and compliance monitoring
Incident response and forensic support
Communication and reporting to the Controller
Personal Data processed may include limited business contact details and security-related records, depending on the nature of the engagement.
Data Subjects may include employees, contractors, or users of the Controller’s systems.
Secure Target shall:
Process Personal Data only on documented instructions from the Controller.
Ensure confidentiality, integrity, and availability of Personal Data.
Maintain appropriate technical and organisational security measures.
Assist the Controller in meeting data subject requests and compliance obligations.
Notify the Controller without undue delay upon becoming aware of a personal data breach.
Ensure that persons authorised to process the data are bound by confidentiality.
Secure Target may engage third-party subprocessors for infrastructure, security monitoring, and related services.
A current list of subprocessors is available at: https://secure-target.com/subprocessors/
Secure Target ensures all subprocessors are bound by written agreements consistent with this Addendum.
Personal Data shall not be transferred outside the European Economic Area (EEA) unless appropriate safeguards (such as Standard Contractual Clauses) are in place.
Upon termination of services, Secure Target will delete or return all Personal Data processed on behalf of the Controller, unless retention is required by law or legitimate business necessity.
Each party’s liability under this Addendum is subject to the limitations and exclusions of liability set out in the main agreement between the parties.
This Addendum shall be governed by and construed in accordance with the laws of Ireland, and any disputes shall be subject to the exclusive jurisdiction of the Irish courts.
If you have questions about this Data Processing Addendum or wish to exercise your data protection rights, please contact: [email protected]
Let us steer you in the right direction
©Secure Target. All rights reserved
Secure. Resilient. Compliant.
