Effective: May 14, 2026 • Last Updated: May 14, 2026 • Staxx Global Technology Solutions LLC (“SGTS”) • Atlanta, Georgia USA
A Data Processing Addendum (DPA) is a contractual document that defines the responsibilities of both parties when personal data is processed as part of a service relationship. DPAs are commonly required by enterprise procurement teams, regulated industries, and clients operating under privacy frameworks including GDPR (EU/UK), NDPR (Nigeria), or HIPAA-adjacent requirements.
SGTS makes DPAs available to enterprise clients upon request. A DPA supplements and does not replace the executed Service Agreement (SA) governing your engagement.
For clients operating under European Union or United Kingdom data protection law.
For Nigerian enterprise clients subject to the Nigeria Data Protection Regulation.
For US enterprise, healthcare, and government-adjacent clients with procurement or compliance requirements.
Depending on the applicable addendum, the DPA addresses:
Roles and responsibilities — controller and processor designations for personal data processed under the service relationship.
Data categories and purposes — specific categories of personal data processed and the authorized purposes for each.
Retention and deletion — obligations for data retention periods and deletion or return of data upon contract termination.
Subprocessor disclosure — current subprocessor list and notification requirements for material changes.
Data subject rights — SGTS obligations to assist the controller in fulfilling data subject rights requests.
Security measures — technical and organizational safeguards applied to personal data.
Incident notification — obligations and timelines for reporting data incidents to the controller.
International transfers — mechanisms and protections for cross-border data transfers where applicable.
SGTS does not claim SOC 2, HIPAA, or ISO 27001 certification at this time. Our DPA reflects commercially reasonable data protection practices appropriate for an AI workforce systems provider at our current scale. Enterprise clients with specific certification requirements should discuss this with our team before executing a service agreement. A vendor questionnaire summary is available upon request.
Enterprise and healthcare procurement teams may request our vendor security questionnaire summary alongside the DPA. This document outlines our current data handling practices, subprocessor relationships, and technical security posture in a format suitable for procurement review. Request it by including “Vendor Questionnaire” in your email subject line.
Send a request to hello@staxxgts.com with subject line: DPA Request — [Your Company Name]
Specify your organization name, jurisdiction, applicable framework (GDPR, NDPR, or Standard Enterprise), and any specific requirements from your legal or procurement team.
Our team will review your request and respond within 5 business days with the appropriate DPA draft for your review.
DPAs may be negotiated where required. Executed DPAs are attached to your Service Agreement (SA) as a binding addendum. Both parties retain a signed copy.
Email us with your company name, jurisdiction, and applicable framework. We respond within 5 business days.
Request a DPA →Staxx Global Technology Solutions LLC • hello@staxxgts.com • +1 470-664-6777 • Atlanta, Georgia USA