Data Processing Agreement (DPA) Policy

Mismoosh Ltd – Data Processing Agreement (DPA)
Effective Date: 25 July 2025

1. Introduction

This Data Processing Agreement (“Agreement”) forms part of the engagement between Mismoosh Ltd (“Processor”) and any customer or business client (“Controller”) to whom Mismoosh Ltd provides data-related services, including legal support, IT recovery, website hosting, and consultancy.

2. Definitions

  • “Data Protection Law” means UK GDPR, the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), and any applicable privacy laws.
  • “Controller” means the customer or client who determines the purpose and means of processing personal data.
  • “Processor” means Mismoosh Ltd, acting on behalf of the Controller.
  • “Data Subject” means the individual to whom personal data relates.
  • “Services” means the activities carried out by Mismoosh Ltd for the Controller.

3. Purpose of Processing

The Processor shall process personal data only:

  • For the purpose of delivering services agreed in writing (e.g., legal advice, IT recovery)
  • On documented instructions from the Controller
  • In accordance with this Agreement and applicable laws

4. Categories of Data

Depending on the services provided, personal data processed may include:

  • Names, contact information, addresses
  • Legal case files or identifiers
  • Technical device data, serial numbers
  • Photographic or audio/video evidence
  • Communications or user behaviour data

Sensitive data (e.g., health, legal documents) is only processed with written consent or lawful basis.

5. Sub-Processors

The Processor may use sub-processors to deliver secure services, including:

  • Amazon Web Services, Google, Meta (for backup and hosting)
  • Zivver (for secure legal or health data exchange)
  • Namecheap (server and SSL provider)
  • SwitchboardFree (telephony)
  • Payment processors: Stripe, PayPal, Squareup, NatWest

A full list of subprocessors is available upon request.

6. Security Measures

The Processor shall implement appropriate technical and organisational measures, including:

  • SSL encryption for all web traffic
  • 2FA login protections on email/social
  • Physical access restrictions
  • Secure deletion or return of data upon request
  • Zivver use for secure file transfers

7. Confidentiality

Mismoosh Ltd ensures:

  • Only authorised personnel have access to personal data
  • Staff and contractors are bound by confidentiality agreements
  • No data is used outside the agreed purposes

8. Data Subject Rights

The Processor shall assist the Controller, as reasonably required, in fulfilling obligations to respond to:

  • Access or rectification requests
  • Deletion or restriction requests
  • Portability of data
  • Objections to processing

9. International Transfers

Data may be transferred outside the UK or EU as needed, using:

  • Data Processing Agreements
  • UK IDTA / EU SCCs (Standard Contractual Clauses)
  • Hosting and backup agreements in line with UK and EU GDPR

For clients in jurisdictions such as the Netherlands, Germany, Belgium, or other cross-border EU cases, Mismoosh Ltd ensures lawful processing under both UK and EU frameworks, including situations involving:

  • Legal representation or support for EU-based individuals (e.g., a client in Dutch custody with legal proceedings in Germany)
  • Data transfers involving EU institutions or courts
  • Collaborative legal preparation in the UK for hearings or proceedings in other EU countries

10. Audit and Assistance

The Processor shall:

  • Provide documentation to show compliance
  • Allow audits by the Controller (with notice)
  • Notify the Controller of any data breach without undue delay

11. Duration and Termination

This Agreement remains in effect as long as services are active. Upon termination:

  • Personal data shall be deleted or returned (unless legally required to retain it)
  • A final confirmation of disposal can be provided on request

12. Governing Law

This Agreement is governed by the laws of England and Wales.
For clients based in the European Union (EU), this Agreement shall also be interpreted in accordance with the EU General Data Protection Regulation (EU GDPR) where applicable.

Mismoosh Ltd will cooperate with both UK and EU data protection authorities as needed.

Signed by:
Mismoosh Ltd – 74 Branston Road, Uppingham, LE15 9RS, UK
Email: mismooshltd@gmail.com | Phone: +44 1664 490808
Date: 25 July 2025

This document is available at: https://mismoosh.com/refund_returns-2/privacy-policy/
For legal clients or data partnerships, this forms part of your contractual agreement unless superseded by a signed separate DPA.

© Mismoosh Ltd 2025. All rights reserved.