Data Processing Agreement

For the purpose of this DPA the Customer is the “Responsible Party” (or “Controller”) and Pro-IT is the “Operator” (or “Processor”) in relation to personal information uploaded to AssetCore by the Customer or its users.

Terms not defined here have the meaning given in POPIA, GDPR, or our Terms of Service.

The subject matter is the provision of the AssetCore service. The DPA remains in force for the duration of the Customer’s subscription and any post-termination period during which Customer Data is retained.

Pro-IT processes personal information solely to provide the Service to the Customer, including hosting, storing, indexing, searching, backing up, transmitting, and securing Customer Data.

Personal information processed in AssetCore typically relates to:

• the Customer’s employees, contractors, and team members who use the Service;
• individuals named in asset assignment, handover, vendor, or location records.

Categories typically include name, work email address, role, assigned assets, signatures captured during handover, vendor contact details, and audit log entries.

Pro-IT will:

• process personal information only on documented instructions from the Customer, which include the use of the Service;
• ensure that personnel with access to personal information are bound by confidentiality;
• implement appropriate technical and organisational measures, as described in our Privacy Policy and Security overview;
• engage sub-processors only as listed in our Privacy Policy or with the Customer’s prior approval;
• assist the Customer with data subject requests and security incident investigations to a reasonable extent;
• notify the Customer without undue delay after becoming aware of a personal information breach affecting their data.

The Customer authorises Pro-IT to use the sub-processors listed in our Privacy Policy. We will give at least 30 days’ notice of any new sub-processor or replacement, during which the Customer may object on reasonable grounds.

Where personal information is transferred outside South Africa, Pro-IT will ensure an appropriate transfer mechanism is in place, such as adequacy, Standard Contractual Clauses, or equivalent safeguards.

Pro-IT will, where reasonably possible, assist the Customer in fulfilling its obligations to respond to requests from data subjects to access, correct, delete, or export their personal information. Customers can fulfil most requests directly through the Service.

On reasonable written notice and no more than once per year (unless required after a security incident), the Customer may request a summary of Pro-IT’s controls, third-party audit reports, or a questionnaire response, subject to confidentiality.

On termination of the subscription, Customer Data will be retained for 30 days to allow recovery and then permanently deleted, except where required to be retained by law. The Customer may also export its data through the Service before termination.

The liability provisions in our Terms of Service apply to claims arising from this DPA.

This DPA is governed by the laws of the Republic of South Africa.

By using the Service the Customer accepts this DPA. A countersigned PDF copy is available on request from legal@pro-it.biz.