Data Processing Agreement

1. Definitions

• Controller — the Client who determines the purposes and means of processing personal data.
• Processor — Clictic Ltd, who processes personal data on behalf of the Controller.
• Personal Data — any information relating to an identified or identifiable natural person.
• Applicable Law — Isle of Man Data Protection Act 2018 and UK GDPR as applied in the Isle of Man.

2. Processing instructions

Clictic will only process personal data on documented instructions from the Controller, except where required by applicable law. Instructions may be provided through the service agreement, platform configuration or written communication.

3. Confidentiality

Clictic ensures that persons authorised to process personal data are under appropriate confidentiality obligations.

4. Sub-processors

Clictic may engage sub-processors to assist in delivering services. Any sub-processor is subject to equivalent data protection obligations. Clictic will inform the Controller of any intended changes to sub-processors where required.

5. Data subject rights

Clictic will assist the Controller in responding to data subject rights requests, including access, correction, deletion, restriction, portability and objection, to the extent technically feasible.

6. Security

Clictic implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, loss or destruction.

7. Data breach notification

Clictic will notify the Controller without undue delay after becoming aware of a personal data breach affecting data processed on the Controller's behalf.

8. Data return and deletion

At the end of the service relationship, Clictic will, at the Controller's choice, return or securely delete personal data, subject to any legal retention requirements.

9. Contact

For data processing queries or to request a formal DPA, please contact: