Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the main agreement ("Agreement") between LINGUA MIRA LTD ("Hexa", "we", "us", or "our") and the customer ("Customer") for the provision of services by Hexa (the "Services") as defined in the Agreement.

Table of Contents

• Definitions - Key terms used in this DPA
• Scope and Applicability - When this DPA applies
• Customer Responsibilities - Your obligations
• Our Obligations - Hexa's commitments
• Sub-processors - Third-party data processors
• Data Subject Rights - Individual privacy rights
• Security Measures - How we protect data
• Data Transfers - International data handling
• Contact Information - How to reach us

Definitions

These definitions help clarify the terms used throughout this Data Processing Addendum.

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on Personal Data (collection, storage, modification, etc.)
• Sub-processor: Any third party we engage to process Personal Data on behalf of the Customer

Scope and Applicability

This DPA applies whenever Hexa processes Personal Data on behalf of the Customer in connection with our Services. It is subject to the terms of the Agreement and reflects our mutual understanding regarding data processing.

Customer Responsibilities

The Customer must:

• Ensure lawful basis for data processing
• Provide clear processing instructions
• Comply with applicable data protection laws
• Respond to data subject requests
• Maintain accurate and up-to-date data

Our Obligations

Hexa commits to:

• Process data only on documented instructions
• Ensure staff confidentiality
• Implement security measures
• Assist with data subject requests
• Notify of data breaches
• Support compliance efforts

Sub-processors

We may engage Sub-processors under these conditions:

• Maintain list of current Sub-processors
• Impose data protection obligations
• Remain liable for Sub-processor actions
• Notify of new Sub-processor additions
• Allow objection to new Sub-processors

Data Subject Rights

We will assist you in responding to requests from individuals to:

• Access their data
• Correct inaccurate data
• Delete their data
• Restrict processing
• Port their data
• Object to processing

Security Measures

We implement comprehensive security measures to protect Personal Data.

Our security program includes:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security assessments
• Incident response procedures
• Employee training
• Physical security measures

Data Transfers

For international data transfers, we:

• Use EU-approved mechanisms
• Implement additional safeguards
• Monitor regulatory changes
• Update transfer mechanisms as needed

Contact Information

For questions about this DPA or our data processing activities, contact us at:

privacy@hexa.im

---

Legal Compliance

LINGUA MIRA LTD maintains compliance with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• UK Data Protection Act
• Other applicable privacy laws

Last updated: March 20, 2024