Data Processing Addendum
Legal

Data Processing Addendum

Last Updated: March 2026

This Data Processing Addendum (“DPA”) forms part of the agreement between Edutain 360 LLC (“Processor”, “Edutain 360”, “we”, “our”, or “us”) and the customer (“Controller”, “Customer”, or “you”) for the provision of services.

This DPA applies whenever Edutain 360 processes Personal Data on behalf of the Customer.

01

Definitions

For purposes of this DPA:

  • Applicable Data Protection Law means all applicable privacy and data protection laws, including where applicable the General Data Protection Regulation (EU) 2016/679 (“GDPR”), UK GDPR, and other applicable privacy laws.
  • Controller means the entity determining the purposes and means of processing Personal Data.
  • Processor means the entity processing Personal Data on behalf of the Controller.
  • Personal Data means any information relating to an identified or identifiable natural person.
  • Processing means any operation performed on Personal Data including collection, storage, use, transmission, deletion, or disclosure.
02

Scope

This DPA applies whenever Edutain 360 processes Personal Data while providing:

  • Custom eLearning development
  • Learning Management System (LMS) services
  • Learning consulting
  • AI-assisted learning services
  • Course hosting
  • Technical support
  • Content management
  • Training administration
  • SaaS platform services
03

Roles of the Parties

The Customer acts as the Controller.

Edutain 360 acts as the Processor.

Each party agrees to comply with applicable data protection laws.

04

Nature of Processing

Edutain 360 may process Personal Data solely for the purpose of delivering agreed services.

Processing activities may include:

  • Hosting learner accounts
  • Managing user enrollments
  • Delivering training
  • Tracking course completion
  • Generating learning reports
  • Technical support
  • Customer communications
  • Platform administration
  • System maintenance
05

Categories of Personal Data

Depending on the services provided, Personal Data may include:

  • Name
  • Email address
  • Job title
  • Employer
  • User ID
  • Learning progress
  • Assessment results
  • Course completion history
  • Login activity
  • Device information
  • IP address
  • Support communications

Customers should avoid uploading unnecessary sensitive personal data unless explicitly agreed.

06

Categories of Data Subjects

Personal Data may relate to:

  • Employees
  • Contractors
  • Customers
  • Learners
  • Instructors
  • Administrators
  • Job applicants
  • Website users
07

Processing Instructions

Edutain 360 shall process Personal Data only:

  • According to documented Customer instructions;
  • As required to provide the contracted services; or
  • As required by applicable law.
08

Confidentiality

Edutain 360 shall ensure that personnel with access to Personal Data are bound by confidentiality obligations and receive appropriate privacy and security training.

09

Security Measures

Edutain 360 implements reasonable technical and organizational safeguards appropriate to the risks involved, including where appropriate:

  • Encryption of data in transit
  • Access controls
  • Authentication mechanisms
  • Role-based permissions
  • Secure cloud infrastructure
  • Backup procedures
  • Logging and monitoring
  • Software updates
  • Vulnerability management

Security measures may evolve over time as technology and industry practices change.

10

Subprocessors

Edutain 360 may engage trusted subprocessors to provide infrastructure and support services.

Examples include:

  • Cloud hosting providers
  • Payment processors
  • Email delivery providers
  • Customer support platforms
  • Analytics providers
  • AI service providers
  • Learning technology vendors

Edutain 360 remains responsible for ensuring subprocessors are subject to appropriate contractual obligations regarding Personal Data.

A current list of subprocessors will be provided upon reasonable request.

11

International Transfers

Where Personal Data is transferred internationally, Edutain 360 will implement appropriate safeguards required by applicable law.

These safeguards may include:

  • Standard Contractual Clauses (SCCs)
  • Contractual safeguards
  • Other lawful transfer mechanisms
12

Data Subject Requests

Where legally permitted, Edutain 360 will promptly notify the Customer of requests relating to:

  • Access
  • Correction
  • Deletion
  • Restriction
  • Portability
  • Objection

Edutain 360 will assist the Customer in responding to such requests where reasonably required.

13

Data Breach Notification

Edutain 360 shall notify the Customer without undue delay after becoming aware of a confirmed Personal Data breach affecting Customer data.

The notification shall include, where available:

  • Nature of the incident
  • Categories of affected data
  • Likely consequences
  • Mitigation measures taken
  • Recommended actions
14

Assistance

Taking into account the nature of the processing, Edutain 360 will provide reasonable assistance to the Customer regarding:

  • Security obligations
  • Data Protection Impact Assessments (where applicable)
  • Regulatory inquiries
  • Compliance with applicable data protection laws
15

Data Retention

Personal Data will be retained only for as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce contractual rights.

Upon termination of the services, Personal Data will be deleted or returned to the Customer upon request, unless retention is required by law.

16

Audits

Upon reasonable written request and subject to appropriate confidentiality obligations, Edutain 360 will make available information reasonably necessary to demonstrate compliance with this DPA.

Audits shall:

  • Be conducted during normal business hours;
  • Be limited to once per year unless required by law; and
  • Not unreasonably interfere with business operations.
17

Liability

Each party’s liability under this DPA shall be governed by the limitation of liability provisions contained in the applicable Services Agreement or Terms & Conditions.

18

Governing Law

This DPA shall be governed by the governing law specified in the applicable Services Agreement.

If no governing law is specified, this DPA shall be governed by the laws of the State of Delaware, United States.

19

Order of Precedence

If there is a conflict between this DPA and the applicable Services Agreement concerning Personal Data processing, this DPA shall prevail solely with respect to data protection obligations.

20

Contact

Questions regarding this DPA may be directed to:

Robert David
Robert David
Head of Learning Partnerships

Let's connect and explore what's possible!

Get in Touch