MMyCompany.LTD
Start Free Demo

Data Processing Addendum

Last updated: 14 June 2026

1. Purpose

This Data Processing Addendum (the "DPA") describes how 1STNET MARKETING LTD processes personal data on behalf of its customers in connection with MyCompany.LTD. It is designed to support UK GDPR-aligned workflows and forms part of the agreement between the customer and 1STNET MARKETING LTD where we process personal data as a processor.

2. Parties

For the purposes of this DPA, the customer is the controller of the personal data within its workspace, and 1STNET MARKETING LTD is the processor that processes that personal data on the customer's documented instructions. Where 1STNET MARKETING LTD processes personal data for its own purposes, it does so as a controller under our Privacy Policy.

3. Subject matter

The subject matter of the processing is the provision of the MyCompany.LTD platform and related services to the customer, including the hosting and processing of customer workspace data as necessary to deliver those services.

4. Duration

Processing continues for the duration of the customer agreement and for any additional period required to return or delete personal data, or as otherwise required by applicable law.

5. Nature and purpose of processing

The nature and purpose of the processing is to provide, operate, maintain, secure, and support the platform and services for the customer, including storage, organisation, retrieval, transmission, and other operations performed on personal data in accordance with the customer's instructions and the customer agreement.

6. Categories of data subjects

The categories of data subjects may include the customer's authorised users, employees, contractors, clients, prospects, contacts, and other individuals whose personal data the customer chooses to process within its workspace.

7. Categories of personal data

The categories of personal data may include identity and contact details, business and account information, communications and correspondence, usage data, and any other personal data that the customer chooses to include within its workspace. The customer is responsible for the personal data it submits for processing.

8. Processor obligations

We will: process personal data only on the customer's documented instructions, including with regard to international transfers, unless required by law; ensure that persons authorised to process personal data are bound by appropriate confidentiality obligations; implement appropriate technical and organisational measures; assist the customer, taking into account the nature of processing, in responding to data subject requests and meeting its obligations; and make available information necessary to demonstrate compliance.

9. Customer obligations

The customer is responsible for ensuring it has a valid lawful basis and any necessary consents or notices for the personal data it processes within its workspace, that its instructions to us are lawful, and that its use of the platform complies with applicable data protection law. The customer must not provide special category data except as agreed and lawfully permitted.

10. Security measures (TOMs)

We maintain technical and organisational measures (TOMs) designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. The applicable TOMs are confirmed in writing in the customer agreement and may be updated provided that the level of protection is not materially reduced.

11. Subprocessors

The customer authorises us to engage subprocessors to support the provision of the services. We engage subprocessors under written terms that impose data protection obligations consistent with this DPA. We will notify the customer of intended changes to subprocessors so that the customer has the opportunity to object on reasonable grounds.

12. International transfers

Where personal data is transferred outside the United Kingdom, we will put in place an appropriate transfer mechanism, such as relevant adequacy regulations or standard contractual clauses with additional safeguards as appropriate. The applicable transfer mechanisms are confirmed in the customer agreement.

13. Data subject rights

Taking into account the nature of the processing, we will provide reasonable assistance to enable the customer to respond to requests from data subjects exercising their rights under applicable data protection law. Where we receive such a request directly, we will, where appropriate, direct the individual to the customer.

14. Personal data breaches

We will notify the customer without undue delay after becoming aware of a personal data breach affecting the customer's personal data, and will provide reasonable information and assistance to help the customer meet its own notification and reporting obligations.

15. Return or deletion

On termination or expiry of the customer agreement, we will, at the customer's choice, return or delete the customer's personal data, except where we are required to retain it by applicable law. Backups are deleted in the ordinary course in accordance with our retention practices.

16. Audit and information

We will make available to the customer information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by the customer or an authorised auditor, subject to reasonable notice, confidentiality, and scope as set out in the customer agreement.

17. Contact

For any questions about this DPA or our processing of personal data, please contact us at hello@1stnetmarketing.com or on 0800 593 0369. Final subprocessors, technical and organisational measures, and international transfer mechanisms are confirmed in the customer agreement.