Data Processing Addendum

Purpose

This Addendum governs the processing of personal data by BEX on behalf of customers.

Scope

This Addendum applies whenever BEX processes personal data subject to applicable privacy laws.

Roles

Depending on the circumstances, BEX may act as:

• Controller
• Processor
• Service provider

Processing Requirements

BEX will:

• Process data only as instructed
• Maintain confidentiality obligations
• Implement appropriate safeguards
• Support data subject requests
• Assist with compliance obligations

Security Measures

BEX maintains administrative, technical, and physical safeguards including:

• Access controls
• Encryption
• Monitoring
• Audit logging
• Backup and recovery procedures

Subprocessors

BEX may engage subprocessors subject to appropriate contractual protections.

International Transfers

BEX will implement appropriate safeguards for cross-border transfers when required.

Security Incident Notification

BEX will notify affected customers of confirmed security incidents in accordance with applicable law and contractual obligations.

Data Return and Deletion

Upon termination of services, BEX will return or delete customer data in accordance with contractual and legal requirements.

Contact Information

compliance@bizexchangex.io

Revision History