Data Processing Agreement
Processor terms for customer personal data handled through SenseOn services.
How this DPA applies
This Data Processing Agreement ("DPA") is provided by SenseOn Tech Ltd, company number 11032394. It applies where a SenseOn customer agreement, order form, or online customer licence agreement incorporates it. If a signed agreement contains different data protection terms, the signed agreement controls.
The customer is the controller, or processor acting for another controller, for customer personal data submitted to the SenseOn services. SenseOn acts as processor for that customer personal data unless the customer agreement says otherwise.
Processing details
| Subject matter | Provision, security, support, monitoring, reporting, and improvement of the SenseOn cybersecurity platform and related services. |
|---|---|
| Duration | The term of the customer agreement, plus any deletion, return, backup, legal, or audit retention period set out in the agreement or required by law. |
| Nature and purpose | Collection, transmission, analysis, correlation, enrichment, storage, retrieval, reporting, deletion, and governed AI-assisted processing of security telemetry, audit trails, support records, and service data. |
| Data subjects | Customer personnel, authorised users, contractors, business contacts, endpoint users, and other individuals whose data appears in customer security telemetry or support records. |
| Personal data categories | Identifiers, business contact details, account details, device and network identifiers, IP addresses, authentication and audit events, security alerts, investigation context, support records, and other customer-controlled telemetry submitted to the services. |
| Special category data | The services are not designed to process special category data, but customer-controlled telemetry may incidentally contain it. Customers should avoid submitting unnecessary special category data. |
Processor commitments
- Process personal data only on documented customer instructions, including instructions in the customer agreement, order, configuration, support request, or this DPA.
- Ensure personnel authorised to process personal data are bound by confidentiality obligations.
- Maintain appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
- Use sub-processors only under written terms that provide data protection obligations materially equivalent to this DPA.
- Assist the customer with data subject requests, security obligations, data protection impact assessments, and regulator consultations where required and where the information is available to SenseOn.
- Notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data.
- Delete or return customer personal data at the end of the services, unless retention is required by law or permitted by the customer agreement.
- Make information reasonably necessary to demonstrate compliance available to the customer, including through security documentation, audit reports, certifications, and the Trust Centre.
Sub-processors and transfers
SenseOn may use sub-processors to provide hosting, infrastructure, security, analytics, support, communications, and AI-assisted service functionality. SenseOn remains responsible for its sub-processors where they process customer personal data for the services.
Where customer personal data is transferred from the UK, EEA, or Switzerland to a country without an adequacy decision, SenseOn will use the UK International Data Transfer Addendum, standard contractual clauses, or another lawful transfer mechanism.
Security and audit
SenseOn maintains a security programme designed for enterprise cybersecurity data, including access controls, encryption, logging, vulnerability management, incident response, supplier review, and employee security training. Current security and compliance evidence is published through the Trust Centre.
Customer audit rights are normally satisfied through security documentation, independent certifications, audit reports, written responses, and Trust Centre evidence. On-site audits require reasonable notice, confidentiality, and controls to protect SenseOn systems and other customers.
Breach notice, deletion, and conflicts
SenseOn will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data and will provide information reasonably available to support the customer's assessment and notification duties.
At the end of the services, SenseOn will delete or return customer personal data as set out in the customer agreement. Backup deletion may follow normal backup rotation.
This public DPA is provided for transparency and procurement review. Customer-specific terms, signed orders, and negotiated agreements may add to or replace these terms.
Last updated: 3 May 2026