This Data Processing Agreement ("DPA") forms part of the agreement between Asora Technologies Limited ("Processor") and the client ("Controller") for the provision of the Asora platform services.

The Processor shall process personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country, unless required to do so by Union or Member State law.

The Processor shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption of personal data, the ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems.

The Processor shall assist the Controller in ensuring compliance with the obligations relating to security of processing, notification of personal data breaches, data protection impact assessments, and prior consultation.

Upon termination of the services, the Processor shall, at the choice of the Controller, delete or return all personal data to the Controller and delete existing copies unless Union or Member State law requires storage of the personal data.

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits.