Mooring

Legal

Data processing agreement

Last updated: 2026-06-07

This Data Processing Agreement (“DPA”) forms part of our terms of service. It applies where Digital Stratagems Limited (“Processor”) processes personal data on behalf of a customer (“Controller”) — for example, through Mooring’s sync and server features.

Digital Stratagems Limited
UK company number: 14268586
153–155 London Road, Hemel Hempstead, Hertfordshire, HP3 9SQ, United Kingdom
Legal & data protection: [email protected]

1. Subject matter

1.1. This DPA governs the processing of personal data by the Processor on behalf of the Controller in connection with the provision of Mooring.

2. Roles

2.1. The Controller determines the purposes and means of processing personal data.

2.2. The Processor processes personal data only on documented instructions from the Controller.

3. Processor obligations

3.1. The Processor shall:

  • process personal data only on the Controller’s documented instructions (unless required by law);
  • ensure that people authorised to process personal data are bound by confidentiality;
  • implement appropriate technical and organisational measures to protect personal data;
  • assist the Controller in responding to data-subject rights requests;
  • assist with data-protection impact assessments and consultations with regulators;
  • notify the Controller without undue delay on becoming aware of a personal-data breach; and
  • make available the information necessary to demonstrate compliance with this DPA.

4. Sub-processors

4.1. The Processor may engage sub-processors to support delivery of Mooring.

4.2. Our current sub-processors are listed in our sub-processors page, and a copy is available on request from [email protected].

4.3. The Processor may update its sub-processors as its infrastructure evolves. The Controller may object on reasonable grounds; if the objection can’t be resolved, either party may terminate the affected service.

5. International transfers

5.1. Where personal data is transferred outside the UK or EEA, the Processor will ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses (2021).

6. Duration and termination

6.1. This DPA remains in force for as long as the Processor processes personal data on behalf of the Controller.

6.2. On termination, the Processor will delete or return all personal data within 30 days, unless the law requires it to be kept.

7. Security measures

7.1. The Processor shall implement at least:

  • encryption of data in transit and at rest;
  • access controls and authentication;
  • regular backups and recovery procedures;
  • logging and monitoring of access;
  • security training for personnel; and
  • vulnerability management and patching.

8. Liability

8.1. Liability under this DPA is governed by the limitation-of-liability provisions in our terms of service.

9. Governing law

9.1. This DPA is governed by the laws of England and Wales.

Annex 1 — details of processing

  • Subject matter: provision of Mooring’s sync and server features.
  • Duration: for the term of the service.
  • Nature and purpose: processing personal data as necessary to provide the service, including storage, transmission, and support.
  • Types of data: identification data (names, emails), account data, billing data, and usage data (logs, IP addresses).
  • Categories of data subjects: the Controller’s authorised users and other individuals whose personal data the Controller puts into the service.