← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.

Data Processing Addendum Template

Customization required. This template is provided for policy operations and counsel review. Replace every NEXQ-reviewed value, verify every factual statement, and confirm applicability before publication. The template is not legal advice and does not create an attorney-client relationship.

Effective date: September 18, 2024
Last updated: September 18, 2024
Owner: NEXQ privacy, security, and legal operations
Applies to: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services

This DPA template is for controller/processor, business/service-provider, and subprocessor relationships involving NEXQ. It must be reconciled with the commercial agreement.

1. Roles

Customer is the controller/business and NEXQ is the processor/service provider/contractor for customer personal data, unless the parties state otherwise in an order form or product-specific terms.

2. Instructions

NEXQ will process customer personal data only on documented instructions, including the agreement, order forms, product settings, support requests, and lawful customer directions.

3. Details of processing

Field Description
Subject matter Provision, security, support, and improvement of NEXQ services under the applicable agreement.
Duration term of agreement plus deletion/return period
Nature and purpose provide, secure, support, and improve contracted services as permitted
Categories of data subjects users, customers, employees, patients, applicants, visitors, or as specified
Categories of personal data account, usage, support, content, health, or other specified categories
Sensitive data Sensitive data only where expressly enabled, necessary, consented, contractually authorized, or legally required.

4. Confidentiality and security

NEXQ will ensure personnel authorized to process personal data are bound by confidentiality and will implement appropriate technical and organizational measures.

5. Subprocessors

Customer authorizes subprocessors listed at https://nexq.us/legal-policy-bundle/site/policies/subprocessor-policy.html. NEXQ will impose materially protective obligations and provide notice of material changes where required.

6. Assistance

NEXQ will reasonably assist with data subject requests, DPIAs, security, breach notifications, and regulatory inquiries to the extent required and applicable.

7. International transfers

Where required, the parties will use approved transfer mechanisms such as SCCs, UK Addendum/IDTA, DPF certification where valid, or other lawful mechanisms. Insert transfer terms at https://nexq.us/legal#cross-border-transfer-controls.

8. Deletion or return

At the end of services, NEXQ will delete or return customer personal data as required by the agreement, unless retention is required by law or legitimate backup/security processes.

9. Audit

NEXQ will provide reasonable audit information such as security reports, certifications, questionnaires, or customer audits subject to confidentiality, frequency, scope, and security limits.

10. CCPA service-provider terms

NEXQ will not sell or share customer personal information, retain/use/disclose it outside the business purpose, or combine it except as permitted by applicable law and the agreement.