Home · Legal · Data Processing Agreement

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between 48bit Solutions (Wisky & Neks Ltd) and the customer. It governs 48bit Solutions's processing of personal data on behalf of the customer in connection with the Service.

Effective date: 1 January 2026 · Version: 1.0

1. Roles

For personal data processed under this DPA, the customer is the controller and 48bit Solutions is the processor, except where 48bit Solutions acts as an independent controller for purposes of network security, fraud prevention, regulator obligations, and operation of the Service generally — in which case 48bit Solutions's processing is governed by its Privacy Policy.

2. Processing details (Annex A)

2.1 Subject matter

Provision of wholesale voice services: SIP termination, DID numbers, SIP trunking, reseller portal, billing.

2.2 Duration

For the term of the customer agreement, plus retention periods set out in the Privacy Policy.

2.3 Nature and purpose

2.4 Categories of data subjects

2.5 Categories of personal data

3. Processor obligations

3.1 Documented instructions

48bit Solutions processes personal data only on the customer's documented instructions, including those set out in the Order, the Terms of Service, and this DPA. 48bit Solutions will inform the customer if, in its opinion, an instruction infringes UK GDPR / EU GDPR or applicable law.

3.2 Confidentiality

Personnel authorised to process personal data are bound by appropriate confidentiality obligations.

3.3 Security measures

48bit Solutions implements appropriate technical and organisational measures, including those described in the Privacy Policy section 8 and applicable industry standards. Specifically:

3.4 Sub-processors

48bit Solutions may engage sub-processors for hosting, network infrastructure, payments, fraud-detection, and analytics. Current sub-processors are listed at the customer portal and may include:

48bit Solutions flows down written data-processing terms to sub-processors equivalent to those in this DPA. Notice of sub-processor changes is given at least thirty (30) days in advance to allow the customer to object on reasonable grounds.

3.5 Assistance

48bit Solutions provides reasonable assistance to the customer in: responding to data-subject requests; ensuring compliance with security, breach-notification, and impact-assessment obligations; engaging with the supervisory authority.

3.6 Breach notification

48bit Solutions notifies the customer without undue delay (and in any event within seventy-two (72) hours) on becoming aware of a personal-data breach affecting customer data, with the information required for the customer to meet its own notification obligations.

3.7 Deletion or return

On termination of the Service, 48bit Solutions deletes or returns personal data to the customer at the customer's choice, except to the extent retention is required by applicable law (telecommunications retention, audit, regulator obligations).

3.8 Audits

48bit Solutions makes available the information necessary to demonstrate compliance with this DPA. Where the customer requires further verification, audits may be conducted on reasonable advance notice (at least 30 days), during business hours, no more than once per twelve (12) months, and at the customer's expense, save for serious findings of non-compliance.

4. International transfers

Personal data is hosted in the European Economic Area (primary) and the United Kingdom (failover). Where a transfer to a third country is necessary for the Service (e.g. routing to a non-EEA destination), 48bit Solutions relies on an applicable safeguard under UK GDPR / EU GDPR (adequacy decision, standard contractual clauses, or other approved mechanism).

5. Liability

Liability under this DPA is governed by, and subject to the limitations and exclusions in, the Terms of Service.

6. Order of precedence

In the event of conflict between this DPA and the Terms of Service in respect of personal-data processing, this DPA prevails.

7. Governing law

This DPA is governed by the laws of England and Wales.

8. Contact

Data-protection enquiries and DPA execution: compliance@48bitsolution.co.uk
Wisky & Neks Ltd, Dept 5429, 43 Owston Road, Carcroft, Doncaster, DN6 8DA, United Kingdom.