Data Processing
Addendum

01 — Customer responsibilities

The customer remains responsible for ensuring it has the lawful right to provide personal data to Pursuit AI Lab, including providing any required notices and obtaining any necessary consents.

02 — Basis of processing

Pursuit AI Lab will process personal data only on the customer's documented instructions, for the purpose of delivering the agreed services, complying with law, and exercising its contractual rights.

03 — Security and breach notification

Pursuit AI Lab will maintain reasonable technical, administrative, and organisational safeguards. Its personnel with access to personal data will be subject to confidentiality obligations. If Pursuit AI Lab becomes aware of a security incident, it will notify the customer without undue delay.

04 — Assistance obligations

Where reasonably required, Pursuit AI Lab will assist the customer with data subject requests, privacy impact assessments, compliance enquiries, and related obligations. Material out-of-scope support may be charged at standard professional rates.

05 — Customer system obligations

The customer is responsible for securing its own systems, credentials, devices, and backups, and for ensuring that it does not submit prohibited or highly sensitive categories of data unless expressly agreed in writing.

06 — Subprocessors

Pursuit AI Lab may use vetted subprocessors where necessary to deliver the services, subject to written agreements imposing data protection obligations no less protective than those in this DPA. The customer may object to new subprocessors on reasonable data protection grounds.