This Data Processing Addendum (“DPA”) applies where EIAAW SOLUTIONS processes personal data on your behalf as part of EIAAW Social Media Team. It forms part of, and is incorporated by reference into, our Terms of Service, and supplements our Privacy Policy. It is drafted for Malaysia's Personal Data Protection Act 2010 (PDPA) and is structured to also support GDPR (EU/UK) and Singapore PDPA where those apply to you.
For the brand content and audience data you submit to the service, you are the data controller (under the PDPA, the “data user”) and we are the data processor, processing personal data only on your documented instructions — principally, your use of the service's features. For your own account and billing data we act as controller; that is governed by our Privacy Policy, not this DPA.
| Aspect | Detail |
|---|---|
| Subject matter | Provision of the AI social-media service to you. |
| Duration | For as long as your account is active, plus the limited retention described below. |
| Nature & purpose | Drafting, designing, scheduling, publishing, and measuring social content; running the Compliance gate; producing receipts. |
| Types of data | Brand assets and prior posts, social handles and publishing tokens, and any personal data contained in the content you submit or generate. |
| Data subjects | Your team, your audience, and any individuals depicted or referenced in your content. |
You authorise us to engage sub-processors to deliver the service. Our current sub-processors are listed in our Privacy Policy (including Anthropic, FAL.AI, Stripe, Metricool, Blotato, and our cloud-hosting and email providers). We impose data-protection obligations on each sub-processor that are no less protective than those in this DPA, and we remain responsible for their performance. We will give reasonable notice of any new sub-processor so you may object on reasonable data-protection grounds.
Where a data subject contacts us directly about content you control, we will refer them to you. We will provide reasonable assistance to help you fulfil access, correction, deletion, and objection requests within the timelines the applicable law requires.
We will notify you without undue delay after becoming aware of a personal-data breach affecting data we process for you, and provide the information reasonably available to help you meet your own notification obligations.
Some sub-processors process data outside Malaysia. Where that happens we rely on the safeguards the relevant law permits — the provider's contractual commitments, an adequacy/whitelist mechanism, standard contractual clauses, or your consent, as applicable to your jurisdiction (including GDPR Chapter V and Singapore PDPA transfer rules where they apply to you).
On termination, and on your request, we delete or return the personal data we process for you, except where retention is required by law. Brand content is deleted on workspace deletion, subject to short-lived backups that age out.
On reasonable prior written notice, and no more than once a year (unless a regulator requires otherwise or following a confirmed breach), we will respond to a reasonable, confidential request for information needed to verify our compliance with this DPA. On-site audits, where strictly required by law, are by prior agreement and at your cost.
EIAAW SOLUTIONS (SSM Reg. No. 202603133419 / CT0164540-H), Kuala Lumpur, Malaysia · eiaawsolutions@gmail.com. See also our Terms of Service, Privacy Policy, and Security page.