Silverside Web Solutions

Data Processing Agreement (UK GDPR)

Last updated: 1 November 2025

This Data Processing Agreement (“DPA”) forms part of the contract between:

  • Controller (Client): The customer identified in the Order/Statement of Work.
  • Processor: Silverside Web Solutions Ltd, Company number 07939045, 74 Fortune Green Road, London, England NW6 1DS (“Silverside”).

1. Subject matter and duration

Silverside will process personal data to provide the services described in the main agreement or Statement of Work (“Services”). Processing continues for the term of the Services and any wind-down period required for export/deletion.

2. Nature and purpose; categories

Processing may include storage, hosting, retrieval, transmission, backup, support and troubleshooting. Data subjects may include the Client’s staff, contractors, customers and end-users. Personal data typically includes identifiers (names, emails, usernames), audit logs, usage records and files uploaded to the Client’s system. Special category data is not intended unless expressly agreed in writing with appropriate safeguards.

3. Controller instructions

Silverside will process personal data only on documented instructions from the Client, including as set out in this DPA and the main agreement. If an instruction infringes UK GDPR, Silverside will inform the Client (unless legally prohibited).

4. Confidentiality

Silverside ensures that persons authorised to process personal data are bound by confidentiality obligations and receive appropriate data protection training.

5. Security

Taking into account the state of the art and risks, Silverside implements suitable technical and organisational measures, including: access controls and least privilege; MFA; encryption in transit and at rest where appropriate; secure development practices; vulnerability/patch management; monitoring and logging; backup and tested restore procedures. Further details may be provided in a Security Overview on request.

6. Sub-processors

The Client authorises Silverside to appoint sub-processors for hosting, email, storage, monitoring, analytics and similar services. Silverside will impose data protection terms no less protective than this DPA and remains responsible for sub-processor performance. A current list of core sub-processors is available on request; Silverside will provide notice of material changes and allow reasonable objections where required by law or contract.

7. International transfers

Where processing involves transfers outside the UK, Silverside will implement appropriate safeguards (UK IDTA or UK Addendum to EU SCCs) and, where required, conduct transfer risk assessments.

8. Assistance

Taking into account the nature of processing, Silverside will assist the Client, as reasonably possible, with data subject requests, security obligations, impact assessments and prior consultations with the ICO.

9. Personal data breaches

Silverside will notify the Client without undue delay after becoming aware of a personal data breach affecting Client data, providing information to enable the Client to meet applicable notification obligations.

10. Return and deletion

Upon termination/expiry, on the Client’s written instruction, Silverside will delete or return personal data and delete existing copies within a reasonable period, unless retention is required by law or for evidence of proper processing (limited to what is necessary).

11. Audit

Silverside will make available information necessary to demonstrate compliance with this DPA and, upon reasonable notice, allow audits by the Client or an independent auditor mandated by the Client, subject to confidentiality, security and scheduling constraints. Reports from independent assessments may be provided to reduce on-site audits.

12. Liability and precedence

Liability limits and exclusions in the main agreement apply to this DPA to the extent permitted by law. If there is a conflict, this DPA prevails for data protection matters.

13. Contact

Data protection contact: [email protected], +44 (0)20 3617 1837.


Annex A – Details of Processing

Subject matter: Provision of the Services under the main agreement.

Duration: Service term + wind-down/export window.

Nature and purpose: Hosting, storage, transmission, backup, support, troubleshooting, logging.

Types of personal data: Names, contact details, usernames, usage/audit logs, files/content uploaded by users.

Categories of data subjects: Client staff, contractors, customers and end-users.

Special category data: Not intended; if required, scope and safeguards to be agreed in writing.