Last Updated: February 2026
1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller", "Customer") and Deadan Group Limited ("Data Processor", "DGL", "we") for the use of DPOS services.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on personal data
- Data Subject: The individual whose personal data is processed
- Sub-processor: Any third party engaged by DGL to process personal data
3. Scope of Processing
3.1 Subject Matter
DGL processes personal data on behalf of the Customer to provide DPOS services as described in the Terms of Service.
3.2 Nature and Purpose
Processing activities include:
- Storing and managing customer business data
- Processing transactions and payments
- Providing analytics and reporting
- Enabling communication features
3.3 Categories of Data Subjects
- Customer's employees and staff
- Customer's customers and clients
- Visitors, guests, tenants, members
- Suppliers and business contacts
4. Obligations of the Data Processor
DGL shall:
- Process personal data only on documented instructions from the Customer
- Ensure authorized personnel are bound by confidentiality obligations
- Implement appropriate technical and organizational security measures
- Engage sub-processors only with prior authorization
- Assist the Customer in responding to data subject requests
- Delete or return personal data upon termination
- Make available information necessary to demonstrate compliance
5. Security Measures
DGL implements the following security measures:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Access controls and role-based permissions
- Regular security assessments and penetration testing
- Incident detection and response procedures
- Business continuity and disaster recovery plans
- Employee security awareness training
6. Sub-processors
The Customer authorizes DGL to engage the following categories of sub-processors:
- Cloud infrastructure providers (hosting)
- Payment processing services
- Communication services (SMS, email)
- Analytics and monitoring tools
A current list of sub-processors is available upon request.
7. Data Subject Rights
DGL will assist the Customer in fulfilling data subject requests including:
- Access to personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Data portability
- Restriction of processing
8. Data Breach Notification
In the event of a personal data breach, DGL will:
- Notify the Customer without undue delay (within 72 hours)
- Provide details of the breach nature, likely consequences, and mitigation measures
- Cooperate with the Customer's breach response
9. International Transfers
Personal data may be transferred outside Kenya subject to appropriate safeguards including standard contractual clauses approved by the ODPC.
10. Term and Termination
This DPA remains in effect for the duration of the service agreement. Upon termination, DGL will delete or return all personal data within 90 days unless legally required to retain it.
11. Liability
Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service.
12. Contact
For DPA-related inquiries: dpo@dgl.co.ke
For questions about this document, contact us at legal@dpos.co.ke
Get our latest updates
Subscribe to get the latest updates on features, tips, and news about dPOS.
We'll never share your details with third parties.
View our Privacy Policy & Terms for more info.
DPOS has been carefully crafted to blend perfectly into your business. You can automate stock control, sales, purchases and so much more.
