Last Updated: March 15, 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Service or Master Service Agreement (“Agreement”) between mxNAP, a subsidiary of Ivx Group Ltd (Company No. 17080224) (Registered Address: Suite 70, 60 Tottenham Court Road, London, W1T 2EW, United Kingdom) and the Customer. It applies when mxNAP processes Personal Data on behalf of the Customer as a Processor under UK GDPR or EU GDPR. This DPA reflects the parties’ agreement with regard to the Processing of Personal Data.
1.1 “Data Protection Laws” means all applicable legislation relating to data protection and privacy including the UK GDPR, the Data Protection Act 2018, and the EU GDPR, as amended or replaced from time to time. 1.2 “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach”, and “Processing” shall have the meanings given to them in the Data Protection Laws. 1.3 “Sub-processor” means any third party appointed by mxNAP to process Personal Data on behalf of the Customer in connection with the Agreement.
2.1 The Customer is the Controller and mxNAP is the Processor. 2.2 Both parties agree to comply with their respective obligations under applicable Data Protection Laws.
3.1 mxNAP shall process Personal Data only on the documented verbal or written instructions of the Customer, including with regard to transfers of personal data to a third country, unless required to do so by applicable law. 3.2 The Customer ensures that its instructions for the processing of Personal Data shall comply with Data Protection Laws.
4.1 mxNAP ensures that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.1 mxNAP implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments.
5.1 The Customer grants mxNAP general authorization to engage sub-processors (such as data center facilities or licensing partners) to provide the services. 5.2 A list of current sub-processors is available upon request.
6.1 mxNAP will assist the Customer, where possible, in fulfilling their obligations to respond to requests from individuals exercising their rights (e.g., access, deletion).
7.1 In the event of a Personal Data breach, mxNAP will notify the Customer without undue delay and provide sufficient information to allow the Customer to meet their legal notification obligations.
8.1 mxNAP will make available to the Customer information necessary to demonstrate compliance with this DPA and allow for audits or inspections conducted by the Customer or their appointed auditor.
10.1 mxNAP shall not transfer Personal Data outside the UK or the European Economic Area (EEA) unless it ensures that the transfer is performed in accordance with Data Protection Laws (e.g., through Standard Contractual Clauses or an International Data Transfer Agreement).
9.1 Upon termination of the services, mxNAP will delete or return all Personal Data to the Customer, unless required by law to retain it.
12.1 Each party’s liability taken in the aggregate, arising out of or related to this DPA, shall be subject to the limitations of liability set forth in the Agreement.
ANNEX 1: DETAILS OF PROCESSING
Subject Matter: The provision of web hosting, infrastructure, and IT management services by mxNAP to the Customer. Duration: The term of the Agreement plus the period until all Personal Data is deleted or returned. Nature and Purpose: To store, manage, and host the Customer’s website and data as per the service subscription. Categories of Data Subjects: The Customer’s employees, contractors, end-users, and website visitors. Types of Personal Data: IP addresses, names, email addresses, log files, website content, and any other data stored on mxNAP infrastructure by the Customer.