Data Processing Agreement

This Data Processing Agreement was last revised on 11 August 2025.

Important Information

  1. The Packet Hub is a South African company with registration number 2010/139075/23 (referred to in this Agreement as "TPH"). "We" are TPH, and "you" are any person or legal entity who accesses and uses a TPH Service. You and TPH are collectively referred to as “the Parties” in this Agreement.
  2. This Data Processing Agreement ("DPA") governs how TPH handles personal data on behalf of its customers. It applies by default to you and any customer who uses a TPH Service and accepts the applicable terms and conditions via our Online Portal or through another authorised mechanism. This Agreement outlines TPH's rights and obligations regarding the collection, processing, storage, and protection of personal data in accordance with applicable data protection laws, including the Protection of Personal Information Act (POPIA), and reflects our commitment to privacy, transparency, and compliance.
  3. 1.3 This DPA constitutes the standard data processing agreement applicable to TPH Services and accepted electronically via our portal. It may only be overridden by a separate written agreement, signed by both you and TPH, that expressly states it supersedes this DPA. In the event of such a conflict, the signed agreement will prevail.
  4. This DPA forms part of the broader contractual relationship between you and TPH and must be read in conjunction with our Terms and Conditions, Privacy Policy, and Cookie Policy.
    1. Terms used in this DPA shall have the same meaning as defined in POPIA and the TPH General Terms and Conditions, unless expressly defined otherwise in this Agreement. In the event of any inconsistency, the definitions provided in this Agreement shall prevail for the purposes of interpreting this DPA.
    2. Controller.Means you, the customer, who subscribes to and uses the TPH Services and determines, either for yourself or on behalf of another party, the purposes and means of the processing of personal data under this Agreement.
    3. Processor. Means TPH, who processes personal data on behalf of the Controller in accordance with this DPA and applicable law.
    4. Sub Processor. Means any third party engaged by TPH who processes personal data on behalf of TPH in the course of providing the Services.
    5. Subject Matter.This DPA governs TPH's processing of personal data on behalf of the Controller in connection with the provision and use of TPH Services.
    6. Nature and Purpose of Processing. TPH processes personal data solely for the purposes of delivering its Services, including but not limited to monitoring, analysis, alerting, reporting, and related support functions. Details regarding specific processing purposes and data types are outlined in the TPH Privacy Policy.
    7. Types of Personal Data Processed. The categories of personal data vary depending on the service provided and are defined in detail in the TPH Privacy Policy which forms part of this DPA.
    8. Categories of Data Subjects.End users, individuals, or data subjects whose personal data may be associated with the Controller and appear in the context of the TPH Services provided. This may include the Controller’s employees, contractors, customers, or customers users, whose personal information may be processed as part of a TPH Service for example but not limited to breach monitoring, infrastructure scanning or account intelligence services.
    1. Data processing shall continue for the duration of the Controller’s subscription to and use of TPH Services and as required by applicable law.
    1. Process personal data only on documented instructions from the Controller, which includes the scope and functionality of the TPH Service to which the Controller has subscribed. Such instructions are deemed documented through the Controller’s use of the Service, which defines the categories of data processed, the purposes of processing, and the form of output provided.
    2. Implement appropriate technical and organisational measures to ensure data security.
    3. Ensure staff confidentiality.
    4. Assist the Controller in fulfilling data subject rights.
    5. Notify the Controller without undue delay of any data breach.
    6. Delete or return personal data at the end of the processing relationship.
    1. You confirm that, where applicable, you have obtained all necessary rights, authority, and permissions to act as the Controller, including where you do so on behalf of another party. You further warrant that your instructions to TPH as Processor are lawful and compliant with applicable data protection laws.
    2. You are responsible for ensuring that the personal data you provide or instruct TPH to process has been collected and shared in compliance with applicable laws, including obtaining all required consents or having a lawful basis for the processing.
    3. You are solely responsible for the accuracy, quality, and legality of the personal data provided to TPH and for the means by which you acquired such data.
    4. You must maintain a record of your processing activities and fulfill your obligations under applicable data protection laws with respect to data subject requests, privacy notices, and lawful processing justification.
    5. You shall not instruct TPH to process data in a way that would cause TPH to violate POPIA or any other applicable data protection law.
    6. If TPH is required to assist you in responding to a request from a data subject or supervisory authority, you agree to provide all necessary information and cooperation in a timely and complete manner.
    1. TPH may engage sub-processors to fulfil its obligations. TPH ensures such engagements are subject to confidentiality and security obligations, and does not publicly disclose the identity of sub-processors except where legally required.
    1. If data is transferred outside of South Africa, such transfer shall be done in accordance with POPIA or equivalent legal safeguards.
    1. The Controller has the right to request evidence of compliance with this DPA and may conduct audits under agreed terms.
    2. Liability.
    3. Each party shall be liable only for damages caused by its own breach of this DPA or its own failure to comply with applicable data protection laws, and not for breaches caused by the other party’s instructions, actions, or omissions.
    1. This DPA shall terminate automatically when the Controller no longer has any active Services with TPH and their account and associated data have been fully removed from the TPH Online Portal, unless a separate signed agreement between the Parties expressly overrides this DPA. Termination shall not affect any provisions of this DPA or TPH General Terms and Conditions that by their nature are intended to survive, including but not limited to obligations relating to confidentiality, data return or deletion, audit rights, limitation of liability, and indemnity.
    1. Where the Controller grants access to the TPH Services or to processed personal data to any third party (including its own customers, affiliates, or partners), such access must be expressly permitted in accordance with the TPH General Terms and Conditions , applicable service agreements, or as otherwise authorised in writing by TPH. The Controller must ensure that it has a valid data processing agreement or other appropriate legal basis in place with such third party before granting access. The Controller remains solely responsible for ensuring that such access is lawful and complies with all applicable data protection laws. TPH acts exclusively on the Controller’s documented instructions and assumes no responsibility or obligation to such third parties.
    1. This Agreement is governed by the laws of South Africa and any disputes shall be resolved by the courts of the Republic of South Africa.
    1. We implement reasonable technical and organizational safeguards to protect your Personal Information from unauthorized access, loss, or misuse.

  • If you have any concerns or questions regarding this DPA, you can contact us at:

    Email:mailto:info@tph.io

    You may also contact the Information Regulator if you are not satisfied with how your request has been handled.