Data Processing Addendum

Effective Date: July 27, 2025

This Data Processing Addendum (“DPA”) forms part of the agreement between Mokhtar Group Inc. (“Processor”) and any client or customer (“Controller”) who uses our services and shares personal data subject to applicable data protection laws such as the GDPR, UK GDPR, or equivalent regulations.

1. Purpose and Scope

This DPA applies to any processing of personal data that Mokhtar Group Inc. performs on behalf of its clients in the course of delivering services, including SaaS platforms, sales systems, e-learning, CRM tools, and other business technologies.

2. Roles and Responsibilities

  • Controller: Determines the purposes and means of processing personal data.
  • Processor: Processes personal data only on documented instructions from the Controller, unless otherwise required by law.

3. Nature of Processing

Mokhtar Group Inc. may process the following categories of personal data:

  • Contact data (name, email, phone number, job title)
  • Organizational data (company, role, IP, login activity)
  • Usage analytics, feedback, communication logs

We process data for the purposes of service delivery, technical support, user experience optimization, CRM operations, and system improvements.

4. Duration

This DPA remains valid as long as the client uses Mokhtar Group services, or until all processed personal data is returned or deleted, as instructed by the client.

5. Confidentiality and Security

Mokhtar Group Inc. ensures all personnel authorized to process personal data are subject to confidentiality obligations and receive appropriate training.

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Access controls and authentication
  • Encryption in transit (TLS/SSL)
  • Regular backups and audit logging
  • Incident detection and response plans

6. Sub-Processors

We may engage third-party sub-processors (e.g., cloud providers, CRM tools) under written contracts with equivalent data protection obligations. A current list of sub-processors can be provided upon request.

The Controller will be notified in advance of any changes to sub-processors and may object on reasonable legal grounds.

7. Data Subject Rights

We will assist the Controller in fulfilling data subject rights requests, such as access, correction, deletion, or objection, by providing relevant data or tools within a reasonable timeframe.

8. International Transfers

If personal data is transferred outside of the European Economic Area (EEA), we ensure compliance through mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards.

9. Data Breach Notification

If we become aware of a data breach affecting Controller data, we will notify the Controller without undue delay, providing sufficient details to assess the impact and comply with applicable legal obligations.

10. Return or Deletion of Data

Upon termination of the agreement or upon request, we will delete or return all personal data unless required by law to retain it. Deletion will be confirmed upon completion.

11. Audit Rights

Upon written request, the Controller may conduct audits or request supporting documentation to demonstrate compliance with this DPA and applicable laws, provided such audits do not interfere with Mokhtar Group’s operations or security.

12. Contact

To inquire about data processing activities or submit a data-related request:

Mokhtar Group Inc.
Email: privacy@mokhtargroup.com
Website: mokhtargroup.com

This DPA is incorporated into and governed by the terms of the main service agreement between the parties.