Data Processing Agreement (DPA)

Last Updated: [October 2025]

This Data Processing Agreement (“DPA”) is entered into between:

Revuva Pty Ltd (ABN 12 687 693 189), a company incorporated in Australia, with principal office in New South Wales (“Revuva”),

and

the entity executing this Agreement as Customer (“Customer”).

This DPA forms part of the Terms & Conditions between Revuva and Customer (the “Agreement”). In case of conflict, this DPA will prevail to the extent of such conflict.

1. Definitions

• Australian Privacy Principles (APPs): the principles in the Privacy Act 1988 (Cth).
  
  
  

• Customer Personal Data: information relating to an identified or reasonably identifiable individual contained in Customer Data processed under the Agreement.
  
  
  

• Data Breach: unauthorised access, disclosure or loss of Customer Personal Data.
  
  
  

• Processing: any operation performed on Personal Data, including collection, storage, use, transfer, or deletion.
  
  
  

• Sub-processors: third parties engaged by Revuva to process Customer Personal Data.
  
  
  

2. Roles of the Parties

• Customer acts as Controller of Customer Personal Data.
  
  
  

• Revuva acts as Processor on behalf of Customer in providing the Services.
  
  
  

• Customer warrants it has obtained all necessary consents and notices to lawfully provide Customer Personal Data to Revuva for Processing.
  
  
  

3. Revuva Obligations

Revuva shall:
a. Process Customer Personal Data only in accordance with Customer’s documented instructions, except where required by law.
b. Implement and maintain appropriate technical and organisational measures (Annex B).
c. Ensure staff authorised to process Customer Personal Data are bound by confidentiality.
d. Notify Customer of any Data Breach without undue delay.
e. On termination of the Agreement, delete or return Customer Personal Data unless retention is required by law.
f. Make available information reasonably necessary to demonstrate compliance with this DPA.

4. Sub-processors

• Customer provides a general authorisation for Revuva to appoint Sub-processors.
  
  
  

• Revuva shall ensure Sub-processors are bound by written terms providing the same level of data protection as this DPA.
  
  
  

• Current Sub-processors are listed in Annex C. Revuva will provide notice of material changes via website or email.
  
  
  

5. International Data Transfers

• Customer acknowledges Customer Personal Data may be processed outside Australia by Revuva’s Sub-processors.
  
  
  

• Revuva will take reasonable steps to ensure overseas recipients comply with the APPs in relation to Customer Personal Data.
  
  
  

6. Assistance to Customer

Revuva will, at Customer’s cost and to the extent reasonable:

• Assist Customer in responding to individual privacy requests.
  
  
  

• Assist in meeting obligations relating to security, breach notifications, and regulator liaison.
  
  
  

7. Liability & Indemnity

• Each party remains responsible for compliance with applicable privacy laws.
  
  
  

• Customer indemnifies Revuva against loss/damage arising from Customer’s failure to obtain necessary consents.
  
  
  

8. Term & Termination

This DPA remains in force for as long as Revuva processes Customer Personal Data under the Agreement.

Annex A – Details of Processing

• Data Subjects: Customers and prospective customers of Customer.
  
  
  

• Categories of Data: name, email, phone, social media handles, business details, and other data input by Customer.
  
  
  

• Sensitive Data: not anticipated.
  
  
  

• Purpose: provision of reputation management, marketing automation, communications, and related services.
  
  
  

• Retention: for the duration of the Agreement, unless otherwise required by law.
  
  
  

Annex B – Security Measures

Revuva and its Sub-processors apply:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  
  
  

• Role-based access controls and strong authentication.
  
  
  

• Logging and monitoring of system access.
  
  
  

• Regular backups and disaster recovery procedures.
  
  
  

• Hosting on secure cloud platforms (AWS/Google Cloud).
  
  
  

Annex C – Sub-processors

Revuva engages the following categories of Sub-processors:

• Go High Level / LeadConnector LLC / HighLevel India – platform hosting & support.
  
  
  

• Amazon Web Services (AWS) – cloud hosting.
  
  
  

• Google Cloud – infrastructure & monitoring.
  
  
  

• Twilio – SMS/telephony services.
  
  
  

• Stripe – payment processing.
  
  
  

• Zapier – integrations.
  
  
  

• Yext – listings management.
  
  
  

Other providers – as required to support the Services (updated at: [https://revuva.com.au/sub-providers]).