Data Processing Agreement

1. Parties

Controller: The organisation subscribing to the No Slip platform.

Processor: Gyzer Technologies Ltd, Company No. 15058377, 20-22 Wenlock Road, London N1 7GU.

2. Subject matter and purpose

This DPA governs the processing of personal data by Gyzer Technologies as Processor on behalf of the Controller in connection with the provision of the No Slip programme intelligence platform.

3. Nature of processing

Storage, retrieval, and display of personal data submitted by users of the No Slip platform, including names, email addresses, programme actions, and audit log entries.

4. Duration

This DPA remains in effect for the duration of the subscription agreement plus 90 days following termination, after which personal data will be deleted.

5. Processor obligations

Gyzer Technologies agrees to:

• Process personal data only on the Controller's documented instructions.
• Implement appropriate technical and organisational security measures, including ISO/IEC 27001:2022 certification.
• Maintain a list of sub-processors and notify the Controller within 30 days of any change.
• Assist the Controller in responding to data subject rights requests.
• Notify the Controller within 72 hours of becoming aware of a personal data breach.

6. Sub-processors

Current sub-processors are listed on the security page at noslip.co.uk/security. The Controller provides general consent to the use of sub-processors listed at contract signature, with the right to object to new sub-processors.

7. Request the production DPA

The final, solicitor-reviewed DPA is available for review before signature. Contact trust@noslip.co.uk to request a copy.