Data Processing
Nessie Data Processing Addendum (DPA)
This Data Processing Addendum ("DPA") forms part of the agreement between MKS DESIGN TECH LTD ("Processor", "MKS DTECH", "we", "us") and the customer entity using Nessie ("Controller", "Customer", "you") where personal data is processed in connection with the Nessie service.
1. Parties
Processor:
MKS DESIGN TECH LTD
Forma House, 40 Bowling Green Lane, London, England, EC1R 0NE
Controller:
The customer organisation subscribing to Nessie.
2. Scope
This DPA applies where MKS DTECH processes personal data on behalf of Customer in providing Nessie and related support services.
This DPA is incorporated into the Nessie Terms of Service and related commercial agreements.
3. Roles of the Parties
For personal data processed through Nessie:
- The customer acts as Controller, determining the purposes and means of processing.
- MKS DTECH acts as Processor, processing personal data only on documented instructions of Customer, except where otherwise required by law.
4. Nature and Purpose of Processing
Processing may include hosting, storage, organisation, retrieval, synchronisation, access control, support, maintenance, diagnostics, backup and deletion of data necessary to provide Nessie.
5. Categories of Data Subjects
Depending on Customer use, data subjects may include:
- Customer employees
- authorised users
- consultants
- project team members
- administrators
6. Categories of Personal Data
Depending on Customer use, personal data may include:
- names
- business email addresses
- user identifiers
- role permissions
- activity logs
- session information
- operational metadata entered by Customer
Nessie is not intended for special category personal data unless expressly agreed.
7. Processor Obligations
MKS DTECH shall:
- process personal data only to provide the service;
- follow lawful documented instructions from Customer;
- maintain confidentiality obligations for authorised personnel;
- implement appropriate technical and organisational security measures;
- assist Customer where reasonably required with privacy rights requests;
- notify Customer of personal data breaches without undue delay where legally required;
- delete or return personal data upon termination or request, subject to legal and backup limitations.
8. Security Measures
MKS DTECH maintains reasonable security measures, which may include:
- Microsoft Entra ID authentication controls
- role-based permissions
- logically separated tenant environments
- dedicated customer databases where applicable
- encrypted communications (HTTPS / TLS)
- restricted administrative access
- backups and resilience controls
- managed cloud infrastructure security features
9. Subprocessors
Customer authorises the use of the following subprocessors as applicable:
- Microsoft Azure (hosting, databases, storage, infrastructure)
- Microsoft Entra ID (identity and authentication services)
MKS DTECH may update subprocessors from time to time with equivalent reputable providers where appropriate safeguards are maintained.
10. International Transfers
Where personal data is transferred outside the UK or EEA, MKS DTECH will implement appropriate safeguards as required by applicable law.
11. Assistance to Controller
Taking into account the nature of processing, MKS DTECH will provide reasonable assistance to Customer regarding:
- access requests
- deletion requests
- correction requests
- security enquiries
- breach information requests
- regulatory cooperation where applicable
12. Audit and Information Rights
Upon reasonable written request, MKS DTECH may provide information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality, proportionality and security limitations.
13. Deletion and Return of Data
Upon termination of services or written request, Customer may request deletion of active tenant data.
Residual copies may remain temporarily in backup systems until overwritten in normal retention cycles.
14. Liability
Liability under this DPA shall follow the liability framework agreed in the governing Nessie Terms or commercial agreement.
15. Governing Law
This DPA shall be governed by the laws of England and Wales unless otherwise agreed in writing.
16. Contact
Privacy and data protection requests: