The client is usually the controller and RK TECH LTD is usually the processor for client personal data processed to deliver agreed services. If the parties act as independent controllers for a specific activity, that activity should be described in the project agreement.
Last updated: 7 May 2026
Data Processing Addendum
This public DPA is designed for RK Tech client projects where RK TECH LTD processes personal data on behalf of a client. It applies only when incorporated into a written proposal, statement of work, or client agreement.
Not automatically binding: this DPA becomes part of a contract only if the relevant project agreement says so.
Roles and scope
Instructions
RK TECH LTD will process client personal data only on documented instructions from the client, including instructions contained in the project agreement, statement of work, support ticket, or authorised project communication, unless required by law.
Confidentiality and security
RK TECH LTD will ensure that people authorised to process client personal data are subject to confidentiality obligations. We will use appropriate technical and organisational measures considering the nature of the project, such as access controls, encrypted transport, least-privilege access, secure credential handling, and reasonable development environment controls.
Sub-processors
RK TECH LTD may use sub-processors needed for delivery, hosting, collaboration, diagnostics, communication, and development operations. The project agreement may list project-specific sub-processors. RK TECH LTD remains responsible for sub-processor performance of data protection obligations.
International transfers
Where client personal data is transferred outside the UK or EEA, RK TECH LTD will use an applicable transfer mechanism such as adequacy regulations, EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or the UK Addendum to EU Standard Contractual Clauses.
Assistance
Taking into account the nature of processing and information available, RK TECH LTD will reasonably assist the client with data subject requests, security obligations, breach assessment, data protection impact assessments, and regulator consultation where required by applicable data protection law.
Personal data breach
RK TECH LTD will notify the client without undue delay after becoming aware of a personal data breach affecting client personal data and will provide information reasonably available to help the client meet its legal obligations.
Deletion or return
At the end of services, RK TECH LTD will delete or return client personal data in line with the project agreement, unless retention is required by law or legitimate record-keeping obligations. Backup deletion may follow ordinary backup cycles.
Audit and records
RK TECH LTD will make information reasonably necessary to demonstrate compliance available to the client and allow reasonable audits or inspections under agreed confidentiality, security, timing, and scope controls.
Processing schedule
| Subject matter | Software development, QA, support, automation, integrations, analytics implementation, infrastructure support, and related project services. |
|---|---|
| Duration | The project term plus any agreed support, warranty, retention, or deletion period. |
| Data subjects | Client staff, contractors, customers, users, leads, suppliers, or other people whose data is included in systems or materials provided by the client. |
| Data categories | Contact details, account identifiers, support communications, usage data, project data, test data, and any other categories documented in the project agreement. |
| Special categories | Not expected unless expressly agreed and protected by project-specific controls. |
