O
g
i
|
[
"
I
|
p
E
v
@
P
h
f
n
q
)
v
v

Data Processing Agreement

Introduction

This Data Processing Agreement ("DPA") is entered into between FDI Advisory Group ("Data Processor") and the Client ("Data Controller") and governs the processing of personal data in connection with the services provided by FDI Advisory Group.

Definitions

For purposes of this DPA:

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, erasure, or destruction
  • Data Subject: The individual to whom personal data relates
  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: The entity that processes personal data on behalf of the Data Controller

Scope of Processing

FDI Advisory Group processes personal data only as instructed by the Data Controller and in accordance with this DPA and applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Data Processor Obligations

FDI Advisory Group commits to:

  • Process personal data only on documented instructions from the Data Controller
  • Ensure that persons authorized to process personal data are subject to confidentiality obligations
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
  • Obtain prior written authorization before engaging sub-processors
  • Assist the Data Controller in fulfilling data subject rights requests
  • Delete or return personal data upon termination of the processing relationship
  • Make available all information necessary to demonstrate compliance with this DPA
  • Allow for audits and inspections by the Data Controller or its auditors

Sub-Processors

FDI Advisory Group may engage sub-processors to assist in processing personal data. The Data Controller will be notified of any changes to sub-processors and will have the right to object to the engagement of new sub-processors.

International Data Transfers

If personal data is transferred outside the European Economic Area or other jurisdictions with data protection laws, FDI Advisory Group will implement appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions.

Data Security

FDI Advisory Group implements industry-standard security measures, including encryption, access controls, regular security assessments, and incident response procedures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

Data Subject Rights

FDI Advisory Group will assist the Data Controller in fulfilling data subject rights requests, including access, rectification, erasure, restriction, portability, and objection rights, as required by applicable data protection laws.

Data Breach Notification

FDI Advisory Group will notify the Data Controller without undue delay upon becoming aware of a personal data breach that may result in a risk to the rights and freedoms of data subjects.

Term and Termination

This DPA remains in effect for the duration of the processing relationship. Upon termination, FDI Advisory Group will delete or return all personal data unless applicable law requires retention.

Contact Information

For questions about this Data Processing Agreement, please contact our Data Protection Officer at [email protected].

Last updated: November 2025