RETURN TO HUB

DATA PROCESSING AGREEMENT

B2B ADDENDUMUK GDPR / EU GDPRUHG TECH LTD

This Data Processing Agreement ("DPA") forms part of the Terms of Service between UHG TECH LTD ("Data Processor") and the corporate entity utilizing the OMNEX 0X ecosystem ("Data Controller"). It reflects the parties' agreement regarding the processing of Personal Data.

1. Processing Roles & Scope

Under international data protection laws (including UK GDPR and EU GDPR), the Client operates as the Data Controller, determining the purposes and means of processing. UHG TECH LTD acts exclusively as the Data Processor.

  • Nature of Processing: Algorithmic routing, cognitive analysis via GOCA, financial telemetry via Aura, and encrypted storage of corporate operational data.
  • Duration: For the duration of the active SaaS subscription, plus a maximum of 72 hours post-termination for the Cascade Deletion Protocol execution.

2. Technical & Organizational Measures (TOMs)

The Processor shall implement and maintain enterprise-grade security architecture designed to protect Personal Data against unauthorized access or destruction.

Encryption Standards

AES-256 for data at rest. TLS 1.3 cryptographic tunneling for all API and Grid data in transit.

Zero-Trust Isolation

Multi-tenant namespace isolation mathematically preventing cross-pollination of corporate data.

3. Authorized Sub-Processors & AI Reasoning Engines

The Controller provides general authorization for UHG TECH LTD to engage third-party Sub-Processors (e.g., Tier-3 Cloud Infrastructure, External Foundational AI Models).

The "No-Training" Guarantee:

When leveraging external AI APIs for raw computational reasoning, UHG TECH LTD strictly enforces "PII Redaction" prior to transmission. Furthermore, our agreements with these providers explicitly prohibit the use of Controller Data to train, fine-tune, or improve their public foundational models.

4. Security Incident Response

Upon becoming aware of a confirmed Personal Data Breach compromising the Matrix, UHG TECH LTD shall notify the Controller without undue delay, and in any event within seventy-two (72) hours. We will provide full cooperation and forensic logs (via the Akashic module) to assist the Controller in meeting their regulatory reporting obligations.

5. Audit Rights

Upon written request (minimum 30 days notice), the Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA. The Controller retains the right to conduct a technical audit of the OMNEX infrastructure, provided it is executed by an independent, mutually agreed-upon cybersecurity firm, under a strict Non-Disclosure Agreement (NDA).