Trade Nest – Data Processing Agreement (DPA) 1. Parties to the Agreement This Data Processing Agreement ("Agreement") is entered into between The Trade Nest LTD, trading as Trade Nest, with its registered office at Office 12842, Office 182-184 High Street North, East Ham, London, E6 2JA, United Kingdom ("Data Processor") and the Client ("Data Controller"). 2. Purpose The purpose of this Agreement is to ensure that personal data transferred or made available by the Client to Trade Nest is processed in compliance with applicable data protection laws, including the UK GDPR, EU GDPR (where applicable), and related regulations. 3. Scope of Processing Trade Nest shall process personal data solely for the purpose of providing access to its progressive web application, client dashboard tools, analytics, AI-powered services, content hosting, and account management. Trade Nest will only process personal data on documented instructions from the Client. 4. Categories of Data and Data Subjects The categories of data processed include contact information, account credentials, business identifiers, usage data, and any content uploaded by users. Data subjects include the Client’s employees, customers, and authorised users. 5. Subprocessors Trade Nest uses subprocessors and third parties to provide infrastructure, analytics, and payment processing. This includes Vendasta Technologies (Canada) as a subcontractor and white-label platform provider, Google Analytics for behavioural analysis, and Stripe or similar processors for payment services. All subprocessors and third parties are bound by contractual terms equivalent to this Agreement and process data solely under the instructions of Trade Nest and the Client. 6. Data Transfers Personal data may be transferred outside of the UK/EEA to countries including the United States and Canada. Such transfers are safeguarded using Standard Contractual Clauses (SCCs) or other legally approved mechanisms. 7. Security Measures Trade Nest implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, or disclosure. These include encryption, access controls, logging, and regular platform updates. 8. Rights of Data Subjects Trade Nest shall assist the Client in responding to requests from data subjects to exercise their rights under applicable data protection laws, including access, correction, deletion, and data portability. 9. Data Breach Notification In the event of a personal data breach, Trade Nest shall notify the Client without undue delay, providing all necessary information to enable the Client to meet its regulatory obligations. 10. Duration and Termination This Agreement shall remain in effect for the duration of the Client’s use of Trade Nest services. Upon termination, Trade Nest will delete or return personal data, unless legal obligations require continued storage. 11. Audits and Inspections The Client may request reasonable documentation demonstrating Trade Nest’s compliance with this Agreement. Trade Nest will cooperate with such requests within the bounds of confidentiality and platform security. 12. Liability Trade Nest’s liability under this Agreement is limited as stated in its Terms of Service. The Client is responsible for its own compliance and legal basis for data processing. 13. Governing Law This Agreement shall be governed by and construed in accordance with the laws of the United Kingdom. Jurisdiction lies with the courts of England and Wales. 14. Contact For matters relating to data protection, the Client may contact David Johnson at support@thetradenest.co.uk. Effective Date This Agreement is effective as of 08/06/2025.