Data Processing & Security

Last updated: May 1, 2025

1. Data Processing Agreement (DPA)

This Data Processing Addendum forms part of our service agreements when AR Data Solutions processes personal data on behalf of clients. This DPA ensures compliance with GDPR, CCPA, and other applicable data protection regulations.

2. Roles and Responsibilities

Controller (Client)

The client determines the purposes and means of processing personal data and is responsible for ensuring lawful processing.

Processor (AR Data Solutions)

We process personal data only on documented instructions from the client and implement appropriate technical and organizational measures.

3. Security Measures

Encryption

• Data encrypted in transit (TLS 1.2+) and at rest (AES-256)

Access Controls

• Role-based access control (RBAC) with least-privilege principle

• Multi-factor authentication for all systems

• Regular access reviews and immediate revocation upon termination

Infrastructure

• Cloud infrastructure with SOC-2 and ISO 27001 certified providers

• Regular security patches and updates

• Network segmentation and firewall rules

Monitoring & Logging

• Comprehensive audit trails for all data access

• Real-time monitoring and alerting for anomalies

• Log retention for minimum 1 year

4. Data Subject Rights

We assist clients in responding to data subject requests including:

  • • Right of access and data portability
  • • Right to rectification and erasure
  • • Right to restriction of processing
  • • Right to object to processing

We respond to client requests within 72 hours with available data or guidance.

5. Sub-Processors

We may engage sub-processors (cloud providers, monitoring tools) to provide services. Current sub-processors include:

  • • AWS, GCP, Azure (cloud infrastructure)
  • • Snowflake, BigQuery (data warehousing)
  • • Logging and monitoring services

We maintain the same level of data protection with all sub-processors through contractual agreements. A full list is available upon request.

6. Data Breach Response

In the event of a personal data breach, we will:

  • • Notify the client without undue delay (target: within 24 hours of discovery)
  • • Provide details of the nature, scope, and affected data
  • • Outline measures taken to contain and mitigate the breach
  • • Cooperate in any required regulatory notifications

7. Data Retention and Deletion

We retain client data only for the duration necessary to provide services, plus any legally required retention period. Upon termination or client request, we delete or return all personal data within 30 days, except where retention is required by law.

8. Audits and Compliance

Clients may audit our compliance with this DPA upon reasonable notice. We provide documentation of our security measures and certifications upon request. We maintain readiness for SOC-2 Type II audits.

9. International Data Transfers

Data may be processed in the United States and other jurisdictions where our service providers operate. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) or other approved mechanisms.

10. Contact

For data processing or security inquiries:

Email: admin@ardatasolutions.com
Phone: (321) 399-0806
Address: 4095 Italia Way, Lake Worth, FL 33467