Data Processing Agreement (DPA) & GDPR Notice

Last updated: December 15, 2024

This DPA applies when Burakorn Partners Co., Ltd. acts as Processor processing personal data on behalf of a Customer that is the Controller (as defined by GDPR/UK GDPR). If you are a regulated customer or require a countersigned copy, contact info@redcelladvisory.com.

1. Definitions

"Data Protection Laws" means all laws relating to personal data, including GDPR, UK GDPR, and local equivalents. "Customer Data" means personal data provided by or collected for the Customer under the Agreement.

2. Roles & processing instructions

The Controller is the Customer; Burakorn Partners Co., Ltd. is the Processor.

We process Customer Data only on documented instructions from the Customer, including those in this DPA and the Agreement, unless required by law.

3. Nature & purpose of processing

Processing necessary to provide fraud-intelligence, verification, and investigative deliverables; hosting; storage; analysis; communications; and customer support.

4. Categories of data & subjects

Contact data, identifiers, case-related details you lawfully provide; subjects may include your clients, counterparties, or related individuals. Special categories are not intended to be processed; if needed, Customer must ensure a lawful basis and notify us.

5. Confidentiality

We ensure personnel accessing Customer Data are subject to appropriate confidentiality obligations.

6. Security

We implement technical and organizational measures appropriate to the risk (access controls, encryption in transit, logical segregation, least privilege, monitoring, backup).

7. Sub-processors

We may use vetted sub-processors (hosting, analytics, communication, storage). We will maintain an up-to-date list and impose written data-protection terms no less protective than this DPA. Customer authorizes the current list and will be notified of changes with an opportunity to object on reasonable grounds.

8. International transfers

Where Customer Data is transferred internationally, we implement appropriate safeguards (e.g., SCCs/IDTA) and conduct transfer assessments as required.

9. Assistance to Controller

We will assist the Customer, taking into account the nature of processing, by:

responding to data-subject requests (when directed by Customer),
notifying Customer of personal-data breaches without undue delay and providing incident details,
assisting with DPIAs and consultations with authorities where reasonably required.

10. Audit

Upon reasonable prior notice, we will make available information necessary to demonstrate compliance and allow audits by Customer or a mandated auditor, subject to confidentiality, security, and frequency limits.

11. Deletion or return

At termination of Services, at Customer's choice, we will delete or return Customer Data, unless retention is required by law.

12. Liability

Liability is governed by the Agreement. Nothing in this DPA limits a data subject's rights under applicable law.

13. Order of precedence

If this DPA conflicts with the Agreement, this DPA controls to the extent of the conflict regarding processing of personal data.

14. Contact & notices

Notices regarding data protection should be sent to info@redcelladvisory.com