Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Terms of Service between IT Company Ltd ("Data Processor", "we", "us") and the customer ("Data Controller", "you").

This DPA reflects the parties' agreement regarding the processing of personal data in accordance with the General Data Protection Regulation (EU GDPR) and the UK GDPR.

Data Controller: You determine the purposes and means of processing personal data submitted to the Franchise Family platform (e.g., employee names, training records).

Data Processor: We process personal data only on your documented instructions and for the purpose of providing the platform services.

You authorize us to engage third-party sub-processors to assist in providing the services. Our primary sub-processors include:

• Cloud Hosting Providers (e.g., AWS) for data storage and infrastructure.
• Stripe for secure payment processing.

We ensure that all sub-processors are bound by written agreements that require them to provide at least the same level of data protection as required by this DPA.

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption in transit and at rest, regular backups, and access controls.

We will assist you in fulfilling your obligations to respond to requests from data subjects (e.g., right to access, right to be forgotten). Upon termination of your account, we will delete or return all personal data to you, unless legally required to retain it.