Data Processing Agreement

Effective Date: July 12, 2025

1. Introduction

This Data Processing Agreement ("DPA") forms part of the service agreement between you ("Client") and Bitscaled LLC ("Bitscaled", "we", "us", or "our"). This DPA governs the processing of personal data by Bitscaled on behalf of the Client in connection with the provision of our managed IT services.

2. Definitions

For the purposes of this DPA, the following definitions apply:

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on personal data, including collection, storage, use, and deletion
• "Data Controller" means the Client, who determines the purposes and means of processing personal data
• "Data Processor" means Bitscaled, who processes personal data on behalf of the Client
• "GDPR" means the General Data Protection Regulation (EU) 2016/679

3. Scope and Nature of Processing

Bitscaled processes personal data solely as necessary to provide managed IT services to the Client, including:

• System monitoring and maintenance
• Technical support and troubleshooting
• Security monitoring and incident response
• Backup and disaster recovery services
• Performance optimization and reporting

4. Data Protection Obligations

Bitscaled commits to:

• Process personal data only in accordance with documented instructions from the Client
• Implement appropriate technical and organizational security measures
• Maintain confidentiality of all personal data
• Assist the Client in responding to data subject requests
• Notify the Client of any personal data breaches without undue delay
• Delete or return personal data upon termination of services

5. Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit and at rest
• Multi-factor authentication and access controls
• Regular security assessments and penetration testing
• Employee training on data protection requirements
• Secure data centers with 24/7 monitoring
• Regular backup and disaster recovery procedures

6. Sub-processors

Bitscaled may engage third-party sub-processors to assist in providing services. We maintain a list of approved sub-processors and ensure they meet the same data protection standards. The Client will be notified of any changes to sub-processors with the opportunity to object.

7. Data Subject Rights

Bitscaled will assist the Client in fulfilling data subject rights requests, including:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

8. Data Breach Notification

In the event of a personal data breach, Bitscaled will:

• Notify the Client without undue delay and within 72 hours of becoming aware
• Provide detailed information about the nature and scope of the breach
• Implement immediate containment and remediation measures
• Assist the Client in notifying supervisory authorities and data subjects as required
• Conduct a thorough investigation and provide a detailed incident report

9. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), Bitscaled ensures adequate protection through appropriate safeguards such as Standard Contractual Clauses or adequacy decisions by the European Commission.

10. Audits and Compliance

Bitscaled maintains records of all processing activities and will make available to the Client all information necessary to demonstrate compliance with this DPA. The Client may conduct audits or inspections, or appoint a qualified third party to do so, upon reasonable notice.

11. Data Retention and Deletion

Personal data will be retained only for as long as necessary to provide the contracted services. Upon termination of the service agreement, Bitscaled will securely delete or return all personal data, unless required to retain it by applicable law.

12. Liability and Indemnification

Each party's liability under this DPA is subject to the limitation of liability provisions in the main service agreement. Bitscaled will indemnify the Client against claims arising from Bitscaled's breach of this DPA.

13. Amendments and Termination

This DPA may be amended only by written agreement of both parties. This DPA will remain in effect for the duration of the service agreement and will terminate automatically upon termination of the main agreement.

14. Governing Law

This DPA is governed by the same law as the main service agreement. Any disputes will be resolved in accordance with the dispute resolution procedures specified in the service agreement.

15. Contact Information

For any questions regarding this Data Processing Agreement or data protection matters, please contact: