Data Processing Addendum

This Data Processing Addendum applies when MegaDev Ltd, operating Doxelio Digital Agency, processes personal data for a client as a processor or service provider. It supplements the applicable service agreement.

We process client personal data only to provide the agreed services, follow documented client instructions, maintain security, comply with law, and support the project.

• Website visitor data, contact form submissions, customer records, order details, support requests, account data, analytics data, logs, and technical identifiers.
• The exact data depends on the client's website, integrations, hosting, CRM, ecommerce platform, and requested services.

We may use hosting, cloud, email, analytics, project management, security, automation, payment, and support providers as subprocessors where needed. We aim to use providers with appropriate confidentiality, security, and data protection commitments.

• People with access to client data are expected to handle it confidentially.
• We use reasonable technical and organisational measures appropriate to the project scope.
• Clients remain responsible for account ownership, lawful notices, consent, and the instructions they give us.

Where reasonably possible and within the agreed service scope, we assist clients with data subject requests, security incidents, audits, deletion, export, and compliance questions related to the services we provide.

After services end, we will delete or return client personal data within a reasonable period unless retention is required by law, backup cycles, dispute protection, accounting, or legitimate security needs.