Logo
Cloud Compute
Cloud Desktop
Application Cloud

Addendum B – Data Processing Addendum (DPA)

Last Updated: August 23, 2025
This DPA supplements the Universal TOS and applies where HIOX processes personal data on behalf of the Customer.

1. Roles

  • Customer: Data Controller.
  • HIOX: Data Processor, acting only under Controller instructions.

2. Scope of Processing

HIOX processes Customer personal data solely to deliver the Services (hosting, SaaS, support, and integrations), which may include storage, backup, migration, and transmission as reasonably necessary.

3. Sub-Processors

HIOX may engage third-party providers (“Sub-Processors”) to assist with infrastructure, analytics, communications, or support. Only those providers that process Customer personal data outside HIOX’s own servers are considered Sub-Processors.

4. Security

HIOX may apply technical and organizational measures such as encryption, access controls, intrusion monitoring, and audits wherever applicable and proportionate to the Services. Customer acknowledges no method of transmission or storage is 100% secure.

5. Data Subject Rights

The Customer, as Controller, is responsible for handling data subject requests (e.g., from end-users). Where feasible, HIOX will provide reasonable assistance to enable Customer to fulfill the following rights in accordance with applicable laws:

  • Access – obtain information about personal data processed and access a copy.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – delete personal data, subject to legal/technical limits.
  • Restriction – restrict processing under certain conditions.
  • Portability – receive data in a commonly used, machine-readable format where applicable to the Service.
  • Objection – object to certain processing, including direct marketing.
  • Automated Decisions – not to be subject solely to automated decisions producing legal effects, unless permitted by law.

6. Cross-Border Transfers

Customer data may be processed outside India. HIOX will implement appropriate safeguards (e.g., Standard Contractual Clauses or equivalent) where required by law.

7. Retention & Deletion

Upon termination of Services, HIOX will delete Customer personal data within a reasonable period, unless retention is required by applicable law or regulation.

← Return to Legal Agreements Index