Data Processing Addendum

Last updated

Where Equate Instruments processes personal data on behalf of a business customer (for example when providing services in which we act as a processor), a Data Processing Addendum (DPA) governs that processing. This page summarises the key terms; a signed DPA is available on request. To execute a DPA, contact our Data Protection Officer at hassan.n@equateinstruments.com.

On this page

1. Subject matter & duration

The DPA covers processing of personal data carried out by us as processor for the customer as controller, for the duration of the underlying agreement and until deletion or return of the data.

2. Nature & purpose of processing

We process personal data only to provide the agreed services and as documented in the underlying agreement and the customer's instructions.

3. Types of data & categories of data subjects

  • Types of personal data: contact details, account data and order data.
  • Categories of data subjects: the customer's staff and authorised users.

4. Documented instructions

We process personal data only on the customer's documented instructions, including regarding international transfers, unless required to do otherwise by EU or Member State law (in which case we inform the customer unless legally prohibited).

5. Confidentiality

Personnel authorised to process the personal data are bound by appropriate confidentiality obligations.

6. Security (Art. 32)

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR, including as relevant encryption in transit and at rest, access controls, logging and regular review.

7. Sub-processors

The customer authorises the use of sub-processors subject to equivalent data-protection obligations and prior notice of changes with a right to object. Current sub-processors include:

  • Supabase — database and authentication hosting.
  • Resend — email delivery.
  • Vercel — hosting and content delivery.
  • No other sub-processors are currently engaged.

8. Data-subject rights & breach assistance

We assist the customer, taking into account the nature of processing, in responding to data-subject requests and in meeting obligations under Articles 32–36, including assisting with and notifying personal data breaches without undue delay after becoming aware of them.

9. Deletion or return of data

On termination of the services, we delete or return all personal data at the customer's choice, and delete existing copies unless retention is required by law.

10. Audit rights

We make available information necessary to demonstrate compliance with Article 28 and allow for and contribute to audits, including inspections, conducted by the customer or an auditor mandated by the customer, subject to reasonable confidentiality and scheduling arrangements.

11. International transfers

Any transfer of personal data outside the EEA is carried out only with an appropriate safeguard under Chapter V GDPR, such as Standard Contractual Clauses or an adequacy mechanism, as further described in our Privacy Policy.

12. Executing a DPA

To request and sign a DPA, please contact our privacy contact:

Equate Instruments

Equate Instruments
Let's Work Together

Ready to distribute worldwide?

Be among the first partners to offer Equate Instruments in your market. Apply today and start supplying premium dental instruments your customers can trust.