Mifu Data Processing Agreement

1. Parties

This Data Processing Agreement ("DPA") is between Mifu Ltd ("Processor") and the Brand/Influencer ("Controller").

2. Purpose

Mifu processes personal data solely to provide influencer marketing services as described in the main Agreement.

3. Processor Obligations

Mifu shall:

• Process data only on documented instructions of Controller.
• Implement appropriate technical and organisational security measures.
• Ensure confidentiality of personnel.
• Assist Controller in fulfilling data subject rights.
• Notify Controller without undue delay of any data breach.
• Maintain records of processing.
• Delete or return data at the end of services.

4. Subprocessors

Mifu may engage subprocessors (e.g., hosting, payment processors). A list will be maintained and provided upon request. Mifu remains liable for subprocessors.

5. International Transfers

Where data is transferred outside the UK/EEA, Mifu shall ensure appropriate safeguards (SCCs, adequacy decision).

6. Audit Rights

Controller may audit compliance with reasonable notice. Mifu may provide certifications or reports as evidence.

7. Governing Law

This DPA is governed by the laws of England & Wales.