Last updated June 4, 2026
This Data Processing Addendum ("DPA") forms part of the Terms of Service or other written agreement between Awanoo, Inc. ("Awanoo," "we," or "us") and the customer ("Customer," "you") for the provision of the Services (the "Agreement"). This DPA reflects the parties' agreement on the Processing of Personal Data in connection with the Services.
This DPA applies to the extent Awanoo Processes Customer Personal Data on Customer's behalf. If there is a conflict between this DPA and the Agreement with respect to the Processing of Personal Data, this DPA controls. Capitalized terms not defined here have the meaning given in the Agreement.
The parties acknowledge that, with respect to the Processing of Customer Personal Data, Customer is the Controller (or a Processor acting on behalf of a third-party Controller) and Awanoo is the Processor (or Sub-processor). For Processing subject to the CCPA, Customer is the Business and Awanoo is the Service Provider. The subject matter, nature, purpose, and duration of the Processing, the types of Personal Data, and the categories of Data Subjects are described in Annex I.
Awanoo will Process Customer Personal Data only on Customer's documented instructions, including as set out in the Agreement, this DPA, and Customer's configuration and use of the Services, unless required to do otherwise by applicable law (in which case Awanoo will inform Customer of that legal requirement before Processing, unless the law prohibits it).
Awanoo will inform Customer if, in its opinion, an instruction infringes Applicable Data Protection Laws. Customer is responsible for the accuracy and legality of Customer Personal Data and the means by which Customer acquired it, and for having an appropriate legal basis and providing all required notices and obtaining all required consents for Awanoo to Process Customer Personal Data as contemplated by the Agreement.
Awanoo will ensure that personnel authorized to Process Customer Personal Data are bound by appropriate obligations of confidentiality and have received appropriate training on their responsibilities.
Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk to Data Subjects, Awanoo will implement and maintain appropriate technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. A description of these measures is set out in Annex II.
Customer provides general authorization for Awanoo to engage Sub-processors to Process Customer Personal Data, subject to this section. Awanoo will: (a) enter into a written agreement with each Sub-processor imposing data protection obligations no less protective than those in this DPA; and (b) remain responsible for each Sub-processor's performance of its obligations.
A current list of Sub-processors is described in Annex III and is available on request. Awanoo will give Customer notice of any intended addition or replacement of a Sub-processor with a reasonable opportunity to object on reasonable data-protection grounds. If the parties cannot resolve a timely objection, Customer may, as its sole remedy, terminate the affected portion of the Services.
Taking into account the nature of the Processing, Awanoo will assist Customer by appropriate technical and organizational measures, insofar as reasonably possible, to respond to requests from Data Subjects exercising their rights under Applicable Data Protection Laws (such as access, rectification, erasure, restriction, portability, and objection). If Awanoo receives such a request directly relating to Customer Personal Data, it will, to the extent legally permitted, promptly inform Customer and advise the Data Subject to submit the request to Customer.
Taking into account the nature of Processing and the information available to Awanoo, Awanoo will provide reasonable assistance to Customer with its obligations relating to the security of Processing, Personal Data Breach notification, data protection impact assessments, and prior consultations with supervisory authorities.
Awanoo will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data. Such notification will include the information reasonably available to Awanoo to help Customer meet its obligations to report the incident. Awanoo will take reasonable steps to mitigate and remediate the Personal Data Breach. Awanoo's notification is not an acknowledgment of fault or liability.
Awanoo will not transfer Customer Personal Data to a country outside the European Economic Area, the United Kingdom, or Switzerland that does not ensure an adequate level of protection unless it has taken measures necessary to ensure the transfer is compliant with Applicable Data Protection Laws. Where required, the SCCs (including, as applicable, Module Two for Controller-to-Processor or Module Three for Processor-to-Processor transfers) are incorporated into this DPA by reference and apply to such transfers, together with the UK International Data Transfer Addendum and any Swiss amendments. Where Awanoo participates in a recognized transfer framework (such as the EU-U.S. Data Privacy Framework), that mechanism may also apply.
To the extent Awanoo Processes Personal Data subject to the CCPA on Customer's behalf, Awanoo acts as a Service Provider and will: (a) not Sell or Share such Personal Data; (b) not retain, use, or disclose it for any purpose other than the business purpose of providing the Services specified in the Agreement, or as otherwise permitted by the CCPA; (c) not retain, use, or disclose it outside the direct business relationship between the parties; and (d) not combine it with Personal Data received from or on behalf of another party, except as permitted by the CCPA. Awanoo certifies that it understands and will comply with these restrictions.
Upon termination or expiry of the Agreement, Awanoo will, at Customer's choice, delete or return Customer Personal Data within a reasonable period and delete existing copies, unless applicable law requires continued storage. Until deletion or return, this DPA continues to apply to that Customer Personal Data.
Awanoo will make available to Customer information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to reasonable notice, confidentiality obligations, and frequency limits, and conducted in a manner that does not unreasonably disrupt Awanoo's operations. Awanoo may satisfy audit requests by providing current third-party certifications or audit reports (such as SOC 2 or ISO/IEC 27001) where available.
Each party's liability arising out of or related to this DPA, whether in contract, tort, or under any other theory of liability, is subject to the limitations and exclusions of liability set out in the Agreement.
This DPA takes effect on the effective date of the Agreement and remains in effect for as long as Awanoo Processes Customer Personal Data. Except as amended by this DPA, the Agreement remains in full force and effect, and its terms (including governing law and dispute resolution) apply to this DPA.
Data exporter: Customer, the entity that has entered into the Agreement, acting as Controller (or Processor on behalf of a Controller). Data importer: Awanoo, Inc., acting as Processor (or Sub-processor), providing the Services described in the Agreement.
Where the GDPR applies, the competent supervisory authority is determined in accordance with Applicable Data Protection Laws based on Customer's place of establishment or its EU representative.
Awanoo maintains a security program that includes, at a minimum, the following measures, which may be updated over time provided they do not materially reduce the overall level of protection:
Awanoo engages Sub-processors to provide infrastructure and supporting services, which may include cloud hosting and compute, data storage and warehousing, and email and communications providers. A current list of Sub-processors, including the name, location, and processing activity of each, is available on request by contacting legal@awanoo.com.
If you have questions about this DPA or wish to execute it for your account, contact us: