Data Processing Addendum
Part 1: Processing of Personal Data by Next Gate Tech as a Controller
Preamble
Next Gate Tech processes personal information as a controller for individuals connected to clients, including employees, directors, and authorized representatives.
Key Contact Information:
- Next Gate Tech S.A
- 26A, boulevard Royal, L-2449 Luxembourg
- Email: privacy@nextgatetech.com
A. Collected and Processed Personal Data
Next Gate Tech collects:
- Professional identifiers (name, job title, email, phone)
- Access credentials and authentication data
- Technical information (IP address, browser type, OS version)
- Billing and contact addresses
- Event-related details
B. Cookie-Related Information
The platform automatically collects browsing data, including internet service provider information, website referrals, visit duration, and device specifications as detailed in the Cookie Policy.
C. Purposes and Legal Basis
Processing purposes include:
- Agreement performance and service delivery
- Communication management via contact forms
- Login credential issuance
- Log activity monitoring for incident management
- Application support services
- Infrastructure maintenance
- Customer relationship management
- Direct marketing solicitation (with opt-out rights)
- Event invitations
- Dispute and litigation management
Legal bases: Contractual necessity and legitimate business interests.
D. Recipients
Personal data may be shared with:
- Next Gate Tech authorized staff
- Telkea ICT SA (infrastructure operator)
- Proximus Luxembourg S.A./Google Cloud (hosting)
- Legal advisors and auditors
- Third parties under confidentiality agreements
- Government and judicial authorities
E. Retention
Data retention periods vary by purpose:
- Contract performance data: Duration of agreement plus 10-year archival per commercial law
- Login credentials: Agreement duration plus legal limitation periods
- Invoices: Minimum 10 years
- Direct marketing contacts: Agreement duration plus 3 years post-termination
- Support/maintenance data: Agreement duration plus legal periods
F. Rights
Data subjects may exercise GDPR rights:
- Access to personal data
- Rectification of inaccurate information
- Erasure requests
- Processing restrictions
- Objection to processing based on legitimate interests
- Data portability (where applicable)
Contact: privacy@nextgatetech.com or Luxembourg's "Commission Nationale pour la Protection des Données"
Part 2: Processing of Personal Data by Next Gate Tech as a Processor
1. Definitions and Interpretation
Key terms align with GDPR definitions. "Personal Data Breach" means unauthorized access compromising data security, excluding unsuccessful attempts.
2. Data Protection Requirements
As processor, Next Gate Tech shall:
- Process data only per client instructions and the Agreement
- Ensure sub-processor confidentiality obligations
- Implement appropriate technical and organizational security measures
- Enable international data transfers using EU Standard Contractual Clauses
- Provide audit access and compliance documentation
- Assist with individual rights requests (referring to client)
- Support data protection impact assessments
- Notify clients of breaches promptly
- Return/delete data upon termination (unless legally required to retain)
Clients authorize engagement of affiliated and third-party sub-processors per the maintained list.
Part 3: Details of Processing Activities as Processor
1. Data Processing Details
Subject Matter: Software provision under Agreement
Data Subject Categories:
- Individuals in processed documentation
- Individuals accessing the platform
Relevant Personal Data Types:
- Contact details (name, professional address, email, phone, country)
- Authentication data (user ID, activity logs, browser/OS information, IP address)
Processing Purpose:
- Agreement performance and software feature delivery
- Security incident management per client instructions
Duration: Agreement term plus necessary post-termination period for legal compliance
Part 4: Authorized Sub-Processors
| Sub-Processor | Purpose | Location |
|---|---|---|
| Next Gate Tech Ltd | Subsidiary performing identical processing | UK |
| Auth0 | Identity management and authentication | Ireland, Germany |
| Google Cloud | Cloud hosting infrastructure | Germany, Belgium |
| Google Workspace | Email, document storage, collaboration | Europe |
| HubSpot | Customer relationship management | Germany |
| Zoho | Invoicing system | Luxembourg |