Draft notice: This DPA is a working draft pending review by qualified data-protection counsel. Final version will be published before commercial launch (target: 1 August 2026).

Data Processing Addendum

Last updated: 24 June 2026  ·  Version 0.1 (draft)

Note on role: This DPA applies when Landvex acts as a data processor for enterprise customers with bespoke processing missions. For standard Landvex intelligence products, Landvex acts as an independent data controller — please contact legal@landvex.com for controller-to-controller terms.

This Data Processing Addendum ("DPA") supplements the main service agreement between the customer ("Controller") and Landvex AB, org.nr 559141-7042, Tyresö, Sweden ("Processor").

1. Processing instructions

Processor shall process personal data only on Controller's documented instructions, including with regard to transfers of personal data to a third country, unless required to do so by Union or Member State law; in such case, Processor shall inform Controller of that legal requirement before processing, unless the law prohibits this on grounds of public interest.

2. Confidentiality

Processor shall ensure that all personnel authorised to process personal data under this DPA are bound by appropriate confidentiality obligations (whether contractual or statutory) and have received appropriate data-protection training.

3. Security

Processor shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. A description of current measures is published at landvex.com/security/.

4. Sub-processors

Processor's current sub-processors are listed at landvex.com/subprocessors/. Controller grants general written authorisation to engage the listed sub-processors. Processor will give Controller at least 30 days' prior notice of any intended changes to the list. Controller may object to a new sub-processor within the notice period by contacting legal@landvex.com.

5. Data-subject requests

Processor shall assist Controller in responding to requests from data subjects exercising their rights under applicable data protection law. Processor will notify Controller of any such request received within 5 business days of receipt and will not respond directly to data subjects unless authorised to do so by Controller.

6. Breach notification

Processor shall notify Controller of any personal data breach without undue delay and in any event within 24 hours of Processor becoming aware of it. Notification will include, to the extent available: the nature of the breach; categories and approximate number of data subjects and records concerned; likely consequences; and measures taken or proposed to address the breach.

7. Deletion and return

Upon termination or expiry of the service agreement, Processor shall, at Controller's choice, delete or return all personal data to Controller, and delete existing copies, within 30 days. Processor shall provide a written certification of deletion upon request. This obligation does not apply to the extent Processor is required by Union or Member State law to retain the personal data.

8. Audit rights

Processor shall make available all information reasonably necessary to demonstrate compliance with this DPA and, at Controller's reasonable request and cost, contribute to audits or inspections. Audits are limited to once per calendar year except where required by a supervisory authority or following a confirmed personal data breach. Controller shall provide reasonable prior notice.

9. International transfers

Any transfer of personal data outside the EEA will be made subject to appropriate safeguards, including EU Standard Contractual Clauses (Modules 2 and/or 3 as applicable) and supplementary technical and organisational measures, unless an adequacy decision applies.

10. Execute this DPA

To discuss, negotiate, or execute this DPA for your organisation, contact: legal@landvex.com

Contact

Landvex AB · org.nr 559141-7042 · Tyresö, Sweden
legal@landvex.com · privacy@landvex.com