Back to Home

Data Processing Agreement

Last updated: March 24, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Service Agreement between BAEVOS GLOBAL SERVICES LIMITED ("Processor" or "BAEVOS") and the Client ("Controller") for the provision of business process outsourcing services.

This DPA sets out the terms and conditions under which BAEVOS will process personal data on behalf of the Controller in connection with the services provided.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • "Data Subject" means the individual to whom the personal data relates.
  • "Sub-processor" means any third party engaged by BAEVOS to process personal data on behalf of the Controller.

3. Scope of Processing

3.1 Subject Matter

BAEVOS will process personal data as necessary to provide the business process outsourcing services specified in the Service Agreement, including but not limited to:

  • Customer support and service operations
  • Sales and lead generation activities
  • Back office administration and data processing
  • Virtual assistance services
  • E-commerce support operations

3.2 Categories of Data Subjects

Personal data processed may relate to:

  • Controller's customers and prospective customers
  • Controller's employees and contractors
  • Controller's business contacts and partners

3.3 Types of Personal Data

Personal data processed may include:

  • Contact information (name, email, phone, address)
  • Account and transaction information
  • Communication records
  • Service history and preferences
  • Other data as specified in the Service Agreement

4. Processor Obligations

BAEVOS agrees to:

  • Process personal data only on documented instructions from the Controller
  • Ensure personnel authorized to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to data subject requests
  • Assist the Controller with data protection impact assessments when required
  • Delete or return all personal data upon termination of services, unless retention is required by law
  • Make available all information necessary to demonstrate compliance with this DPA
  • Allow for and contribute to audits and inspections conducted by the Controller

5. Security Measures

BAEVOS implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption of personal data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security testing and vulnerability assessments
  • Employee training on data protection and security
  • Incident response and business continuity procedures
  • Physical security controls at data processing locations
  • Regular backups and disaster recovery capabilities

6. Sub-processors

BAEVOS may engage sub-processors to assist in providing services. BAEVOS will:

  • Enter into written agreements with sub-processors imposing equivalent data protection obligations
  • Remain liable for sub-processor compliance
  • Maintain a list of sub-processors available upon request
  • Notify the Controller of any intended changes to sub-processors, allowing reasonable time for objections

7. International Transfers

Where personal data is transferred outside the Controller's jurisdiction, BAEVOS ensures appropriate safeguards are in place, which may include:

  • Standard Contractual Clauses approved by relevant authorities
  • Binding Corporate Rules
  • Other legally recognized transfer mechanisms

8. Data Breach Notification

In the event of a personal data breach, BAEVOS will:

  • Notify the Controller without undue delay (within 48 hours of becoming aware)
  • Provide all relevant information about the breach
  • Cooperate with the Controller's investigation and remediation efforts
  • Take immediate steps to contain and mitigate the breach
  • Document the breach and response actions taken

9. Data Subject Rights

BAEVOS will assist the Controller in fulfilling data subject requests, including requests for:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of personal data
  • Restriction of processing
  • Data portability
  • Objection to processing

10. Term and Termination

This DPA shall remain in effect for the duration of the Service Agreement. Upon termination:

  • BAEVOS will cease processing personal data except as required for proper handover
  • BAEVOS will return or delete all personal data as instructed by the Controller
  • BAEVOS will provide certification of data deletion upon request

11. Liability

Each party's liability under this DPA shall be subject to the limitations set forth in the Service Agreement, except that neither party limits its liability for breaches of data protection obligations to the extent prohibited by law.

12. Contact Information

For questions about this Data Processing Agreement, please contact:

BAEVOS GLOBAL SERVICES LIMITED
Email: hello@baevos.com
Website: www.baevos.com