Codedevza AI

© 2026 Codedevza AI Ltd. All rights reserved.

DPA

  • Policies
  • DPA

Data Processing Agreement

Codedevza AI Ltd

Version: 4.3.2
 Effective Date: 01 June 2025

This Data Processing Agreement forms part of any agreement between Codedevza AI Ltd (“Processor”) and the organisation using Codedevza AI systems or services (“Controller”).
It governs how personal data is handled under the UK GDPR and the Data Protection Act 2018.

1. Parties

Controller: The organisation instructing Codedevza AI Ltd.

Processor: Codedevza AI Ltd, Company Number 16485057, ICO Registration ZB905842.

2. Purpose of Processing

Codedevza AI Ltd processes personal data only to deliver services requested by the Controller, including:

  • Digital platform development
  • System integration
  • AI and automation services
  • Consulting and ESG data alignment
  • Support, monitoring, and maintenance

No personal data is processed beyond these purposes unless agreed in writing.

3. Nature and Types of Data

During delivery, the Processor may handle:

  • User account profiles
  • Contact details
  • Access logs
  • Environmental, operational, and building-related datasets
  • CAFM, BMS, IoT, ESG integration metadata
  • Files or documents supplied by the Controller

The Processor does not determine the categories of personal data. This is the responsibility of the Controller.

4. Obligations of the Processor

Codedevza AI Ltd will:

4.1 Process personal data only on documented instructions from the Controller.

4.2 Maintain confidentiality of all processed data.

4.3 Apply appropriate security measures to protect data.

4.4 Assist the Controller in meeting GDPR duties where reasonable.

4.5 Ensure any sub-processors meet equivalent levels of protection.

4.6 Make documentation available for audits when justified.

4.7 Notify the Controller of incidents in line with Section 10.

The Processor will not:

  • Use data for its own purposes
  • Sell or transfer data for advertising
  • Remove or alter the Controller’s data without instruction

5. Obligations of the Controller

The Controller agrees to:

5.1 Ensure that personal data is lawful, accurate, and collected with valid grounds.

5.2 Provide the Processor with clear instructions.

5.3 Maintain secure environments for their own systems.

5.4 Ensure staff follow data protection requirements.

5.5 Hold legal responsibility for all disclosures to the ICO and Data Subjects.

The Controller remains the Data Controller at all times.

6. Sub-Processors

Codedevza AI Ltd may use trusted third-party providers for:

  • Cloud storage and hosting
  • System infrastructure
  • Analytics and monitoring
  • Email services
  • Support tools

All sub-processors are contractually required to follow GDPR-level protections.

The Processor maintains a current list of sub-processors upon request.

7. International Transfers

If personal data is transferred outside the UK:

  • Transfers follow UK GDPR adequacy decisions
  • Standard Contractual Clauses or equivalent safeguards are applied
  • Only reputable providers with appropriate security certifications are used

8. Data Security

Codedevza AI Ltd applies:

  • Encryption in transit and at rest
  • Role-based access control
  • Continuous monitoring
  • Secure infrastructure standards
  • Incident detection and logging
  • Secure development practices

The Processor is not responsible for security failures on systems it does not manage.

9. Data Subject Rights

The Processor assists only where necessary and reasonable. Requests for access, correction, erasure, or portability must be directed to the Controller. The Controller holds responsibility for responding to such requests.

10. Personal Data Breaches and ICO Notification

10.1 If the Processor becomes aware of a Personal Data Breach affecting data processed on behalf of the Controller, the Processor will:

  • Investigate without delay
  • Take reasonable steps to mitigate impact
  • Notify the Controller as soon as practicable
  • Provide relevant documentation for the Controller’s assessment

10.2 The Controller, as the Data Controller, is solely responsible for:

  • Notifying the Information Commissioner’s Office (ICO) when required
  • Notifying affected Data Subjects when required
  • Determining whether the breach meets the legal thresholds for reporting

10.3 Codedevza AI Ltd will not notify the ICO directly unless:

  • The Processor is acting as a Data Controller for specific processing
  • Legal obligations require Processor-level notification

10.4 The Processor is not liable for data breaches caused by:

  • Incorrect or unlawful data provided by the Controller
  • Insecure Controller infrastructure
  • Misuse or unauthorised access by Controller personnel
  • Inaccuracies or failures in third-party systems not under the Processor’s control
  • Misuse of software, hardware, predictions, or reports
  • Environmental or operational data not generated by Codedevza AI systems

10.5 Codedevza AI Ltd will maintain logs and evidence of:

  • Investigative actions
  • Root-cause findings
  • Mitigation steps
  • Communication with the Controller

10.6 The Processor is not liable for fines, penalties, losses, or actions taken by the ICO against the Controller.

11. Data Retention

The Processor retains data only for:

  • Active service delivery
  • Legal or contractual obligations
  • Audit, compliance, and security

When no longer required, data is deleted or anonymised using secure methods.

12. Return and Deletion of Data

Upon termination:

  • All Controller data is deleted, anonymised, or returned
  • Backups are purged according to standard retention cycles
  • The Controller may request a deletion certificate

13. Liability

13.1 Codedevza AI Ltd is not liable for any:

  • Indirect or consequential loss
  • Reputational loss
  • Loss of profit
  • Inaccurate ESG, operational, or environmental data not produced by Codedevza AI
  • Loss resulting from misuse of hardware or software
  • Failures caused by systems outside its control

13.2 Total liability for any claim is limited to the fees paid by the Controller during the twelve months preceding the incident.

14. Ownership and Intellectual Property

  • All software, platforms, tools, dashboards, AI systems, frameworks, and documentation created by the Processor remain the exclusive property of Codedevza AI Ltd unless expressly transferred in writing.
  • The Controller receives a licence to use deliverables for internal business purposes only.
  • No rights are granted to modify, resell, or distribute unless explicitly stated.

15. No Refunds

All payments are final. Refunds are not provided for:

  • Cancellations
  • Configuration outcomes
  • System performance affected by external data
  • Incorrect data supplied by the Controller
  • Misuse of hardware or software

16. Governing Law

This Agreement is governed by the laws of England and Wales. Disputes fall under the exclusive jurisdiction of the courts of England and Wales.

17. Contact Information

Codedevza AI Ltd
Covent Garden, London, United Kingdom
Company Number: 16485057
ICO Registration: ZB905842
Email: hello@codedevza.co.uk
Phone: +44 7398 879983
Website: https://codedevza.co.uk

18. About Codedevza AI Ltd

Codedevza AI builds digital systems that unify sustainability, facilities, and building operations through trusted data. We align CAFM, BMS, IoT, and ESG systems into consistent, verifiable information that supports compliance, audit, and measurable performance.

Every engagement begins with structure and ends with evidence.

This website stores cookies on your computer. Cookie Policy