Data Processing Agreement

How Silux Chat processes personal data on behalf of business customers.

Last updated: 8 June 2026

1. Parties and Scope

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Silux Control UK Ltd T/A Silux Chat ("Silux Chat", "Processor", "we", "us"), a company registered in England and Wales with its registered address in Chesterfield, S43 3QE, United Kingdom, and the customer (the "Customer", "Controller", "you") who uses the Service to collect or process personal data of its own end users.

Where you use Silux Chat to process personal data of your customers, website visitors, or end users, you act as the controller and Silux Chat acts as your processor. This DPA applies to that processing.

2. Definitions

"Data Protection Laws" means all laws applicable to the processing of personal data under this DPA, including the UK GDPR and the Data Protection Act 2018, the EU GDPR (Regulation 2016/679) where applicable, and any equivalent data protection or privacy laws in other jurisdictions. Terms such as "personal data", "processing", "controller", "processor", and "data subject" have the meanings given in those laws.

3. Roles and Responsibilities

You, as controller, are responsible for establishing a lawful basis for processing, providing required privacy notices to your end users, and responding to the exercise of data subject rights. Silux Chat, as processor, will process personal data only on your documented instructions (including as set out in this DPA and the Service configuration) and as required by applicable law.

4. Subject Matter, Duration, Nature and Purpose

  • Subject matter: provision of the Silux Chat AI chatbot and live chat platform.
  • Duration: the term of your subscription, plus any retention period set out in our Privacy Policy.
  • Nature and purpose: hosting, storing, transmitting, and analysing conversations and related data to operate the Service.
  • Types of personal data: contact details, message content, identifiers, device/usage data, and any data your end users submit through the chatbot.
  • Categories of data subjects: your customers, prospects, website visitors, and other end users.

5. Security Measures

Silux Chat implements appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, network protections, logging, and regular review of our security posture. We maintain measures appropriate to the risk in accordance with Article 32 of the UK/EU GDPR.

6. Confidentiality

Silux Chat ensures that personnel authorised to process personal data are bound by appropriate confidentiality obligations and process personal data only as necessary to provide the Service.

7. Sub-processors

You provide general authorisation for Silux Chat to engage sub-processors (such as cloud hosting, payment, messaging, and analytics providers) to support the Service. We impose data protection obligations on each sub-processor that are no less protective than those in this DPA, and we remain responsible for their performance. A current list of sub-processors is available on request at info@siluxchat.com; we will give you reasonable notice of any intended changes so you may object on legitimate grounds.

8. International Transfers

Personal data is primarily processed on infrastructure located in the United Kingdom and/or European Economic Area. Where personal data is transferred to a country without an adequacy decision, we put in place an appropriate transfer mechanism, such as the UK International Data Transfer Agreement (IDTA) or Addendum, and/or the EU Standard Contractual Clauses (SCCs), together with any required supplementary measures.

9. Assistance to the Controller

Taking into account the nature of the processing, Silux Chat will provide reasonable assistance to help you: (a) respond to data subject requests; (b) ensure the security of processing; (c) notify and communicate personal data breaches; and (d) carry out data protection impact assessments and prior consultations, where applicable.

10. Personal Data Breaches

Silux Chat will notify you without undue delay after becoming aware of a personal data breach affecting your data, and will provide information reasonably available to us to help you meet your own notification obligations to regulators and data subjects.

11. Return and Deletion

On termination of the Service, and at your choice, Silux Chat will return or delete the personal data we process on your behalf, except where retention is required by applicable law. See our Privacy Policy for retention details.

12. Audits

Silux Chat will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable notice, confidentiality, and frequency limits.

13. Requesting a Signed DPA

If your organisation requires a countersigned copy of this DPA, please contact info@siluxchat.com and we will arrange it.