Axiore Logo
Legal & Compliance

Data Processing Policy

Last Updated: January 1, 2026

1. Scope and Applicability

This Data Processing Policy ("DPA") governs the processing of personal data by Axiore on behalf of our enterprise clients. It applies to all services where Axiore acts as a data processor. This DPA reflects the parties' agreement with regard to the processing of personal data under applicable data protection laws, including the GDPR and CCPA.

2. Processing of Personal Data

Axiore shall process personal data only on documented instructions from the client, unless required to do so by law to which Axiore is subject. The client ensures that its instructions comply with applicable data protection laws and that it has all necessary rights and authorizations to permit Axiore to process the personal data.

3. Sub-processing

The client authorizes Axiore to engage sub-processors to process personal data. Axiore shall impose data protection terms on any sub-processor it engages that protect the personal data to the same standard provided for by this DPA and shall remain liable for any breach of the DPA caused by a sub-processor.

4. Security Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Axiore shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

5. Data Breach Notification

Axiore shall notify the client without undue delay after becoming aware of a personal data breach affecting the client's personal data. Axiore shall provide the client with sufficient information to allow the client to meet any obligations to report or inform data subjects of the personal data breach under the Data Protection Laws.