DATA PROCESSING AGREEMENT (DPA)

Last Updated: 2026-03-10

This Data Processing Agreement ("DPA") governs the processing of personal data by:

INTEGRATED WORKSHOP CONTROL AND FINANCIAL SYSTEMS (PTY) LTD
Trading as Toothless Web and App

in relation to services provided to customers.

1. PURPOSE

This agreement ensures compliance with data protection regulations including:

POPIA (South Africa)

International data protection standards where applicable.

2. DEFINITIONS

Personal Data
Any information relating to an identifiable individual.

Processing
Any operation performed on personal data including storage, collection, modification, or deletion.

Data Controller
The customer who determines the purpose of data processing.

Data Processor
Toothless Web and App processing data on behalf of the customer.

3. PROCESSING OF PERSONAL DATA

Toothless Web and App may process personal data only:

As instructed by the customer

For the purpose of delivering contracted services

In accordance with applicable laws

4. TYPES OF DATA PROCESSED

Data processed may include:

Names

Email addresses

Contact information

Customer account data

Website or application data stored on hosted systems

The customer determines what data is processed.

5. SECURITY MEASURES

We implement appropriate technical and organizational safeguards including:

Secure server environments

Access controls

Authentication systems

Infrastructure monitoring

Data encryption where applicable

6. SUBPROCESSORS

We may use third-party service providers including:

Cloud infrastructure providers

Domain registrars

Payment processors

Email delivery systems

All subprocessors are required to maintain appropriate security measures.

7. DATA BREACH NOTIFICATION

In the event of a confirmed data breach affecting customer data, we will notify affected customers within a reasonable timeframe.

8. DATA RETENTION AND DELETION

Customer data will be retained only as long as necessary to:

Provide services

Comply with legal obligations

Resolve disputes

Upon termination of services, data may be deleted after a reasonable retention period.

9. CUSTOMER RESPONSIBILITIES

Customers must ensure that:

They have the legal right to collect and process personal data

They comply with applicable data protection laws

They provide privacy notices where required

10. AUDIT RIGHTS

Customers may request reasonable information regarding security measures used to protect personal data.

11. GOVERNING LAW

This DPA is governed by the laws of the Republic of South Africa.