Enterprise customers can request a countersigned copy of this DPA at info@onefirmintel.com.

1. Roles

For company-register data and our own account/usage data, OneFirmIntel (1EOR Global) acts as an independent controller (see our Privacy Policy). Where you, as a business customer, instruct us to process personal data that you control (for example data you upload or submit through the service), we act as your processor, and this DPA governs that processing under Article 28 of the UK GDPR.

2. Scope of processing

Subject matter & duration: for the term of your use of the service. Nature & purpose: hosting, storage and retrieval of company-intelligence data to provide the service. Types of personal data: business-contact and company-officer data within records you process. Categories of data subjects: your personnel and the company officers in the records you access.

3. Our obligations as processor

• Process personal data only on your documented instructions, including for international transfers, unless required by law (in which case we will tell you where permitted).
• Ensure persons processing the data are bound by confidentiality.
• Implement appropriate technical and organisational security measures (Article 32) — see section 6.
• Engage sub-processors only as set out in section 5 and impose equivalent data-protection terms on them.
• Assist you, taking account of the nature of processing, with responding to data-subject rights requests.
• Assist you with security, breach notification and data protection impact assessments. We will notify you without undue delay after becoming aware of a personal data breach affecting your data.
• At the end of the service, delete or return the personal data, and delete existing copies unless storage is required by law.
• Make available information necessary to demonstrate compliance and allow for reasonable audits.

4. Your obligations as controller

You confirm you have a lawful basis and any necessary notices/consents for the personal data you process through the service, and that your instructions comply with data protection law.

5. Sub-processors

We use the following sub-processors to deliver the service: Stripe (payments), Hostinger (hosting and email), and our company-data infrastructure provider. We will give reasonable notice of any new or replacement sub-processor and give you the opportunity to object on reasonable data-protection grounds.

6. Security measures

Encryption in transit (HTTPS/TLS), hashed credentials, access controls and least-privilege, database-backed sessions, CSRF protection, rate limiting, audit logging, and watermarked exports. Measures are reviewed and updated over time.

7. International transfers

Where personal data is transferred outside the UK, we rely on UK adequacy regulations or appropriate safeguards (UK IDTA or the UK Addendum to the EU SCCs).

8. Liability and governing law

Liability under this DPA is subject to the limitations in the Terms of Service. This DPA is governed by the laws of England and Wales.

9. Contact

Data protection enquiries: info@onefirmintel.com.