Data Processing Agreement

For customer information stored within Suiviro:

Customer — the Customer is the Data Controller. The Customer determines what information is collected, which customers are entered, and how information is used.

Suiviro — Suiviro acts as the Data Processor. Suiviro processes information solely to provide the Services.

Customer Data may include names, phone numbers, email addresses, addresses, job history, notes, uploaded photos, communications, and files and attachments. Customer Data remains the property of the Customer.

Customers retain ownership of client records, job records, staff records, communications, uploaded files, photos and notes. Suiviro acquires no ownership rights over Customer Data.

Suiviro may process Customer Data to:

• Store information
• Display information
• Synchronise integrations
• Send notifications
• Generate reports
• Provide customer support
• Maintain security

Processing is limited to providing the Services.

• HTTPS encryption
• Access controls
• Role-based permissions
• Audit logging
• Secure hosting
• Backup procedures

Suiviro may engage third-party service providers including hosting providers, payment providers, email providers, SMS providers, analytics providers and integration providers. Subprocessors are used only where reasonably necessary to provide the Services.

Customer Data is retained while accounts remain active, for backup purposes, and to comply with legal obligations. Customers may request deletion of their data subject to legal and operational requirements.

Customers may request export of their data. Where technically feasible, Suiviro will provide data in a commonly used electronic format such as CSV, PDF or JSON depending on the information requested.

Upon account termination, customers may request deletion of Customer Data. Deletion requests may be subject to backup retention periods, legal obligations and security requirements.

If Suiviro becomes aware of a material security incident affecting Customer Data, Suiviro will investigate the incident, take reasonable containment measures, notify affected customers where appropriate, and restore services where possible.

• Obtaining required consents
• Complying with privacy laws
• Managing user access
• Maintaining accurate records
• Reviewing permissions

Customer Data may be processed in jurisdictions where Suiviro or its providers operate. Reasonable safeguards will be applied where data is processed internationally.

Upon termination of services, customers may request a reasonable opportunity to retrieve their data before deletion.

This DPA is governed by the laws of Western Australia and the Commonwealth of Australia.

Data protection enquiries: admin@suiviro.com. Suiviro Pty Ltd (ACN: pending), Australia.