Last Updated Jan 19, 2026
Data Processing Addendum
This Data Processing Addendum forms part of the agreement between Estaita Ltd and enterprise customers.
1. Definitions
For the purposes of this Addendum:
Controller, Processor, Personal Data, and Processing have the meanings set out in UK GDPR and EU GDPR
Customer is the Controller
Estaita Ltd is the Processor
2. Scope of processing
Estaita processes personal data solely to provide the platform and related services.
Processing activities include:
Hosting and storage
Communication enablement
Workflow automation
AI assisted processing
Support and maintenance
3. Processor obligations
Estaita shall:
Process personal data only on documented instructions
Ensure confidentiality of authorised personnel
Implement appropriate technical and organisational measures
Assist with data subject rights where reasonably required
Notify the Customer of personal data breaches without undue delay
4. Sub processors
The Customer authorises Estaita to use sub processors.
This includes providers for:
Hosting and infrastructure
Analytics
AI services including OpenAI
Estaita remains responsible for sub processor compliance.
5. International transfers
Where data is transferred outside the UK or EU, Estaita relies on:
UK and EU Standard Contractual Clauses
Equivalent contractual safeguards
These safeguards are incorporated by reference.
6. CCPA service provider status
For US personal data, Estaita acts as a service provider.
Estaita:
Does not sell personal data
Does not retain or use data outside service provision
Processes data solely for business purposes
7. Security measures
Estaita maintains appropriate security measures including:
Access controls
Logical separation
Monitoring and logging
Secure infrastructure practices
Detailed technical documentation may be provided at Estaita’s discretion.
8. Audit and information rights
Audit rights are limited.
Estaita will:
Provide reasonable information to demonstrate compliance
Respond to written security questionnaires where proportionate
On site audits are excluded unless required by law.
9. Deletion and return of data
On termination:
Data may be retained for legal or operational reasons
Deletion will occur where legally required
Data export may be provided at Estaita’s discretion
10. Updates
Estaita may update this Addendum with notice.
Continued use of the platform constitutes acceptance.
