Data processing framework for UK customers incorporating the UK International Data Transfer Agreement (IDTA).
This UK Data Processing Agreement is incorporated into the GuardArra Terms of Service and applies where GuardArra processes personal data on behalf of UK customers under the UK GDPR and Data Protection Act 2018.
GuardArra’s processor obligations mirror those in our EU DPA, adapted for UK requirements. GuardArra shall process personal data only on the Controller’s instructions, maintain appropriate security measures, assist with data subject rights, and notify of breaches without undue delay.
Transfers of personal data from the UK to the US are governed by the UK International Data Transfer Agreement (IDTA) issued by the ICO under Section 119A of the Data Protection Act 2018. By accepting these terms, UK customers execute the IDTA with GuardArra, LLC as the data importer.
See our Sub-Processor List. UK customers will be notified of sub-processor changes with 30 days notice.
GuardArra implements appropriate technical and organizational measures consistent with Article 32 UK GDPR, including encryption at rest (AES-256-GCM), encryption in transit (TLS 1.3), access controls, 2FA, and audit logging.
Contact legal@guardarra.com to request a signed copy of this DPA incorporating the IDTA, suitable for your compliance records.
UK customers who are data controllers are responsible for their own ICO registration obligations. GuardArra as a US-based processor with no UK establishment is not required to register with the ICO.