Data Processing Agreement (DPA)

Effective Date: August 3, 2025

This Data Processing Agreement (“DPA”) forms part of the legal framework governing use of ISOweld and applies where ISOweld processes personal information or personal data on behalf of a customer. ISOweld is operated by Damien Crane (ABN: 50 803 660 487), New South Wales, Australia. This DPA should be read with the Terms of Use, Privacy Policy, Third-Party Services & Integrations, and Data Security Policy.

1. Roles of the Parties

For the purposes of applicable privacy or data protection law:

  • the customer generally acts as the controller, principal, or entity determining the purpose of processing; and
  • ISOweld generally acts as a processor or service provider to the extent it processes data on the customer’s behalf in order to provide the Platform.

2. Scope of Processing

ISOweld may process information necessary to provide, secure, support, maintain, and improve the Platform, including:

  • employee records and contact details;
  • licenses, qualifications, inductions, and certifications;
  • job, schedule, assignment, vehicle, tooling, and equipment records;
  • documents, attachments, and uploaded files;
  • sign-in records, audit logs, and system usage history.

3. Nature and Purpose of Processing

Processing may include collection, storage, organisation, structuring, retrieval, display, transmission, backup, synchronisation, deletion, and other handling necessary for:

  • account and user management;
  • compliance tracking and traceability;
  • document and record control;
  • operational workflow management;
  • security, auditing, support, maintenance, and incident response.

4. Categories of Data Subjects

Data subjects may include employees, contractors, administrators, company representatives, customers, site visitors, and other individuals whose information is uploaded or entered by the customer.

5. Security Measures

ISOweld applies reasonable technical and organisational measures appropriate to the nature of the services and information processed. These may include role-based access controls, authentication protections, logging, secure transmission practices, validation controls, and structured handling of records.

6. Customer Responsibilities

The customer remains responsible for:

  • ensuring it has a lawful basis to collect and submit data to ISOweld;
  • determining what data is entered, uploaded, or connected to the Platform;
  • configuring permissions and approving user access appropriately;
  • responding to data subject requests where required by law;
  • ensuring that use of the Platform complies with its own contractual, legal, and policy obligations.

7. Subprocessors and Third-Party Providers

ISOweld may use third-party providers and subprocessors to support functionality, including Microsoft SharePoint, OpenAI, Google Maps Platform, ClickUp, and WorkflowMax2. Where data is transmitted to those services, their own terms, privacy notices, infrastructure, and compliance frameworks apply in addition to this DPA.

8. Data Location and Hosting

Data may be hosted or processed through ISOweld-managed systems, third-party cloud systems, or customer-controlled environments such as Microsoft 365 / SharePoint, depending on feature configuration and workflow requirements.

9. Data Retention and Deletion

ISOweld may retain information for as long as reasonably necessary to provide services, maintain records, comply with legal obligations, support audit trails, resolve disputes, and enforce agreements. Audit logs and traceability records may be retained for extended periods. Deletion timing may depend on customer action, system processes, legal obligations, and third-party storage arrangements.

10. Data Breach Response

If ISOweld becomes aware of a confirmed data incident affecting customer data within systems under its control, reasonable steps may be taken to investigate, contain, and respond. Notification timing and scope will depend on applicable law, available evidence, and the extent of ISOweld’s control over the affected systems.

11. Assistance with Data Rights

Where technically feasible and appropriate, ISOweld may assist customers in responding to requests relating to access, correction, deletion, or restriction of processing. Customers remain primarily responsible for managing such requests unless otherwise agreed in writing.

12. Limitation of Liability

Nothing in this DPA expands liability beyond what is provided under the broader contractual framework. Damien Crane is not liable for incidents arising from customer instructions, customer misconfiguration, third-party systems, unlawful data submission, user negligence, or processing outside ISOweld’s control.

13. Governing Law

This DPA is governed by the laws of New South Wales, Australia, unless another governing law is expressly agreed in a separate written agreement.

14. Contact Us

For data processing and privacy governance enquiries, contact:

Damien Crane
Sole Trader, ISOweld
support@isoweld.damocrane.com
0498251470
New South Wales, Australia