Data Processing Agreement

This Data Processing Agreement was last updated on 16 June 2025.

Important Information

  1. The Packet Hub is a South African company with registration number 2010/139075/23 (referred to in this Agreement as "TPH"). "We" are TPH, and "you" are any person or legal entity who accesses and uses a TPH Service. You and TPH are collectively referred to as "the Parties" in this Agreement.
  2. This Data Processing Agreement ("DPA") governs how TPH handles personal data on behalf of its customers. It applies by default to you and any customer who uses a TPH Service and accepts the applicable terms and conditions via our Online Portal or through another authorised mechanism. This Agreement outlines TPH's rights and obligations regarding the collection, processing, storage, and protection of personal data in accordance with applicable data protection laws, including the Protection of Personal Information Act (POPIA), and reflects our commitment to privacy, transparency, and compliance.
  3. This DPA constitutes the standard data processing agreement applicable to TPH Services and accepted electronically via our portal. It may only be overridden by a separate written agreement, signed by both you and TPH, that expressly states it supersedes this DPA. In the event of such a conflict, the signed agreement will prevail.
  4. This DPA forms part of the broader contractual relationship between you and TPH and must be read in conjunction with our Terms and Conditions, Privacy Policy, and Cookie Policy.
    1. Terms used in this DPA shall have the same meaning as defined in POPIA and the TPH General Terms and Conditions, unless expressly defined otherwise in this Agreement. In the event of any inconsistency, the definitions provided in this Agreement shall prevail for the purposes of interpreting this DPA.
    2. Controller. Means you, the customer, who subscribes to and uses the TPH Services and determines, either for yourself or on behalf of another party, the purposes and means of the processing of personal data under this Agreement.
    3. Processor. Means TPH, who processes personal data on behalf of the Controller in accordance with this DPA and applicable law.
    4. Sub Processor. Means any third party engaged by TPH who processes personal data on behalf of TPH in the course of providing the Services.
    5. Subject Matter. This DPA governs TPH's processing of personal data on behalf of the Controller in connection with the provision and use of TPH Services.
    6. Nature and Purpose of Processing. TPH processes personal data solely for the purposes of delivering its Services, including but not limited to monitoring, analysis, alerting, reporting, and related support functions. Details regarding specific processing purposes and data types are outlined in the TPH Privacy Policy.
    7. Types of Personal Data Processed. The categories of personal data vary depending on the service provided and are defined in detail in the TPH Privacy Policy which forms part of this DPA.
    8. Categories of Data Subjects. End users, individuals, or data subjects whose personal data may be associated with the Controller and appear in the context of the TPH Services provided. This may include the Controller's employees, customers, or users processed as part of Services like breach monitoring, infrastructure scanning, etc.
    1. Data processing shall continue for the duration of the Controller’s subscription to and use of TPH Services and as required by applicable law.
    1. Process personal data only on documented instructions from the Controller, as defined through use of the Service.
    2. Implement appropriate technical and organizational measures to ensure data security.
    3. Ensure staff confidentiality.
    4. Assist the Controller in fulfilling data subject rights.
    5. Notify the Controller without undue delay of any data breach.
    6. Delete or return personal data at the end of the processing relationship.
    1. You confirm you have authority to act as Controller and that your instructions are lawful.
    2. You ensure that personal data you provide complies with applicable laws and have valid legal basis for processing.
    3. You’re responsible for accuracy and legality of personal data.
    4. You maintain records and comply with data subject request laws.
    5. You must not instruct TPH to process data in a way that violates POPIA or other laws.
    6. Provide cooperation when required to respond to data subject or regulator requests.
    1. TPH may engage sub-processors to fulfil its obligations. TPH ensures such engagements are subject to confidentiality and security obligations, and does not publicly disclose the identity of sub-processors except where legally required.
    1. If data is transferred outside of South Africa, such transfer shall be done in accordance with POPIA or equivalent legal safeguards.
    1. The Controller has the right to request evidence of compliance with this DPA and may conduct audits under agreed terms.
    2. Liability.
    3. Each party shall be liable only for damages caused by its own breach of this DPA or its own failure to comply with applicable data protection laws, and not for breaches caused by the other party's instructions, actions, or omissions.
    1. This DPA shall terminate automatically when the Controller no longer has any active Services with TPH and their account and associated data have been fully removed from the TPH Online Portal, unless a separate signed agreement between the Parties expressly overrides this DPA. Termination shall not affect any provisions of this DPA or TPH General Terms and Conditions that by their nature are intended to survive, including but not limited to obligations relating to confidentiality, data return or deletion, audit rights, limitation of liability, and indemnity.
    1. Where the Controller grants access to the TPH Services or to processed personal data to any third party (including its own customers, affiliates, or partners), such access must be expressly permitted in accordance with the TPH General Terms and Conditions, applicable service agreements, or as otherwise authorised in writing by TPH. The Controller must ensure that it has a valid data processing agreement or other appropriate legal basis in place with such third party before granting access. The Controller remains solely responsible for ensuring that such access is lawful and complies with all applicable data protection laws. TPH acts exclusively on the Controller's documented instructions and assumes no responsibility or obligation to such third parties.