Back to Home

Data Processing Addendum

Last updated: June 29, 2025

GDPR Compliant

Full compliance with European data protection regulations

UAE & KSA Laws

Compliant with Middle Eastern data protection requirements

Secure Processing

Advanced security measures for data protection

Addendum Overview

This Data Processing Addendum forms part of the Master Subscription Agreement governing the provision of the SaaS Services between S3C ("Processor") and the Customer ("Controller") to reflect the parties' agreement about the Processing of Customer Personal Data in compliance with applicable data protection laws.

1. DEFINITIONS

Applicable Law

Any data protection and privacy laws and regulations applicable to the Processing of Personal Data, including:

  • • UAE Federal Decree-Law No. 45 of 2021 (UAE PDPL)
  • • KSA Personal Data Protection Law (Royal Decree M/19 of 2021)
  • • General Data Protection Regulation (EU) 2016/679 (GDPR)

Controller Personal Data

Any Personal Data Processed by Processor on behalf of Controller pursuant to or in connection with the Agreement.

Standard Contractual Clauses

Contractual data transfer mechanisms or data export authorizations issued by relevant data protection authorities in UAE, KSA, and EU jurisdictions.

2. PROCESSING OF PERSONAL DATA

Processor shall Process Controller Personal Data on Controller's behalf and at Controller's instructions as specified in the Agreement and this DPA, including transfers to third countries or international organizations.

Processing Instructions

Controller instructs Processor to Process Controller Personal Data for the provision of services and transfer data to any country or territory as reasonably necessary for service provision.

3. SECURITY MEASURES

Processor shall implement appropriate technical and organizational measures to ensure an appropriate level of security of the Controller Personal Data, including:

Technical Measures

  • • Encryption of personal data
  • • Access controls and authentication
  • • Regular security assessments

Organizational Measures

  • • Staff training and confidentiality
  • • Incident response procedures
  • • Regular compliance audits

4. DATA BREACH NOTIFICATION

Processor shall notify Controller without undue delay and, where feasible, not later than within forty-eight (48) hours upon becoming aware of a Personal Data Breach affecting Controller Personal Data.

Breach Response Process

  1. 1. Immediate notification to Controller
  2. 2. Provide available information for regulatory reporting
  3. 3. Assist in investigation and remediation
  4. 4. Implement additional security measures as needed

5. DATA SUBJECT RIGHTS

Controller shall be solely responsible for compliance with statutory obligations concerning Data Subject rights. Processor will assist Controller in fulfilling these obligations.

Access
Rectification
Erasure
Portability

6. AUDIT RIGHTS

Processor shall make available to an auditor mandated by Controller such information reasonably necessary to demonstrate compliance with this DPA and allow for audits.

Audit Limitations

  • • Maximum of one audit per calendar year (except in special circumstances)
  • • Prior written notice required
  • • Conducted during normal business hours
  • • Auditor must be subject to confidentiality obligations

Contact Information

For questions about data processing or privacy matters, please contact our Data Protection Officer:
S3C Data Protection Team
#204 Brandon In Murphy, TX 75094, USA
Email: privacy@s3c.world
DPO Email: dpo@s3c.world