Data Processing Agreement

This Data Processing Agreement applies where a customer uses TriFocus UX services and TriFocus UX processes personal information on behalf of that customer.

Parties

Controller / Responsible Party

The customer using the TriFocus UX Platform who determines the purpose of processing.

Processor / Operator

OnPoint Software Development (Pty) Ltd (CIPC Reg 2014/122780/07), operating the TriFocus UX platform, acting as processor/operator for certain customer data.

Scope of Processing

TriFocus UX may process the following categories of data where submitted by the customer:

• Names
• Email addresses
• User IDs
• Behavioural analytics
• Uploaded screenshots
• URLs
• Project notes
• Internal comments
• Report data

TriFocus UX processes such data solely to provide contracted services.

Purpose of Processing

• UX analysis
• Report generation
• Dashboard display
• Technical support
• Security monitoring
• Storage and backup
• Performance optimisation

Duration

Processing continues for the duration of the customer relationship unless otherwise agreed or legally required.

Confidentiality

TriFocus UX shall ensure persons authorised to process data are subject to confidentiality obligations.

Security Measures

TriFocus UX implements reasonable technical and organisational safeguards including access controls, role-based permissions, encryption where appropriate, secure hosting environments, logging and monitoring, and backup procedures.

Subprocessors

TriFocus UX may use subprocessors such as cloud infrastructure providers, email service providers, payment processors, analytics tools, and security vendors. TriFocus UX remains responsible for appropriate oversight.

Assistance to Customer

Where reasonably required, TriFocus UX may assist customers with access requests, deletion requests, correction requests, security incident information, and regulatory cooperation obligations, subject to commercial reasonableness.

Data Breach Notification

Where TriFocus UX becomes aware of a material security incident affecting customer personal information, it will notify the customer within a commercially reasonable timeframe.

Cross-Border Transfers

Where data is processed outside South Africa or the customer’s jurisdiction, TriFocus UX will use reasonable safeguards.

Deletion / Return of Data

Upon termination, TriFocus UX may delete or anonymise customer data after a reasonable retention period unless required by law or legitimate security/backup obligations.

Liability

Liability under this DPA is subject to the master Terms & Conditions unless otherwise agreed in writing.

Governing Law

This DPA shall be governed by the laws of South Africa unless superseded by contract.

Contact