Skip to main content

Pentrova is launching soon. Join the waitlist for early access.Join the waitlist

Last updated:

Data Processing Addendum

This Data Processing Addendum (the “DPA”) forms part of the master agreement between PENTROVA TECHNOLOGIES PRIVATE LIMITED (“Pentrova”, acting as data processor) and the customer (acting as data controller). It governs the processing of personal data under the General Data Protection Regulation (GDPR) and other applicable privacy laws. Pentrova countersigns this DPA with the master agreement on signature; a countersigned copy is available on request.

Request a countersigned copy

1. Scope and roles

The customer determines the purposes and means of processing personal data and therefore acts as the data controller. Pentrova processes personal data on the customer’s behalf under this DPA and acts as a data processor. This DPA applies to every processing activity Pentrova performs while delivering the Services.

2. GDPR Article 28 obligations

  • Pentrova will process personal data only on documented instructions from the customer, including with regard to transfers to a third country.
  • Personnel authorised to process personal data are bound by written confidentiality obligations.
  • Pentrova maintains technical and organisational measures sufficient to ensure a level of security appropriate to the risk, as required by Article 32 GDPR.
  • Pentrova will assist the customer with data-subject requests, DPIA consultations, and breach notifications, and will notify the customer without undue delay after becoming aware of a personal data breach.
  • At the customer’s choice, Pentrova will delete or return all personal data at the end of the Services and delete existing copies unless retention is required by law.
  • Pentrova will make available all information necessary to demonstrate compliance and will allow for and contribute to audits, subject to confidentiality and reasonable scheduling.

3. Subprocessors

Pentrova engages subprocessors to provide the Services. The categories of subprocessors we use are described in our Privacy Policy, and the current named list, with locations and data categories, is provided to customers under this DPA and on request. Customers will be notified of new subprocessors through the customer notification channel prior to the new subprocessor being engaged, and may object for legitimate reasons as described in the master agreement.

4. International data transfers and SCCs

Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a third country not covered by an adequacy decision, the EU Standard Contractual Clauses (Module Two: controller-to-processor) are incorporated by reference, together with the UK International Data Transfer Addendum and the Swiss supplemental clauses as applicable. The SCCs prevail in the event of conflict with this DPA on transfer issues.

5. Security measures

Pentrova applies the technical and organisational safeguards described in the Trust Center, including encryption in transit and at rest, least-privilege access controls, and tenant isolation by design. Pentrova is a new company and does not yet hold an independent security certification; our ISO 27001 program status and any audit timeline are published in the Trust Center, and the executed DPA reflects the certification status in force at signature.

6. Contact

Privacy and DPA questions should be directed to support@pentrova.ai. A countersigned copy is available on request.

Site search

↑↓ navigateEnter openEsc close