Data Protection Addendum
This Data Protection Addendum (‘DPA’) forms part of the agreement between AWM and customers who process personal data through our services.
Contents
- Roles & Responsibilities
- Security Measures
- Subprocessors
- Data Subject Requests
- Retention & Deletion
- Incident Response
Roles & Responsibilities
Customers act as controllers and AWM acts as a processor unless otherwise specified. Each party ensures personal data is processed lawfully and documented in mutual agreements.
Security Measures
We maintain administrative, technical, and physical safeguards. Controls include encryption, access management, network monitoring, vulnerability scanning, and industry-standard SDLC practices.
Subprocessors
We engage vetted subprocessors for infrastructure, analytics, and support. A current list is maintained in the our Trust Center. Customers may subscribe to change notifications.
Data Subject Requests
We assist customers with responding to data subject requests by providing tooling, audit trails, and API endpoints. Requests received directly from data subjects are routed to the appropriate customer contact.
Retention & Deletion
Customers control retention schedules. Upon termination, we delete or return personal data within agreed timelines unless law requires retention.
Incident Response
We maintain a documented incident response process, including 24/7 monitoring, containment, eradication, recovery, and post-incident reviews. Material incidents trigger notifications without undue delay.