Data Processing Addendum (DPA)


Important Notice: This DPA is provided as an optional agreement for Customers that require a data processing agreement under applicable data protection laws (e.g., GDPR, UK GDPR).

This DPA does not apply by default. It only becomes binding if:

 • The Customer completes and signs Annex I.A and submits it to Chinafy; OR
 • The Agreement (e.g., an Enterprise Order Form) explicitly incorporates this DPA by reference.
 • Where this DPA is not executed, Chinafy does not act as a Data Processor under GDPR or UK GDPR and provides Services solely as a technical optimization and delivery platform.

1. Purpose and Scope

This DPA governs Chinafy’s processing of Personal Data only when executed by the Customer. When effective, it supplements the main Agreement between the parties.

2. Definitions

 • “Data Protection Laws” refers to GDPR, UK GDPR, and other applicable data protection laws.
 • “Personal Data,” “Controller,” “Processor,” and related terms have the meanings given under the GDPR.

3. Roles of the Parties

 • The Customer acts as Controller (or Processor on behalf of a third-party Controller).
 • Chinafy acts as a Processor (or Sub-Processor), only upon execution of this DPA.

4. Nature of Processing

 • Purpose: Delivery, caching, optimization, and transmission of web content via Chinafy
 • Duration: Throughout the service period and 60 days thereafter
 • Data Types: HTTP headers, metadata, content, cookies, logs
 • Data Subjects: Visitors to Customer sites, authorized users, employees, contractors

Chinafy does not inspect, classify, or differentiate content. It acts as a pass-through delivery layer. Customer is solely responsible for applying classification, legal labels, and compliance mechanisms to transmitted content.

5. Obligations of Chinafy

When this DPA is executed, Chinafy agrees to:

 • Process Personal Data only in accordance with the Agreement and this DPA.
 • Maintain confidentiality and restrict access to authorized personnel.
 • Implement security measures (see Annex II).
 • Notify the Customer of any Personal Data Breach.
 • Assist with lawful Data Subject Requests, where required.
 • Delete or return Personal Data within 60 days after termination unless required to retain by law.

6. Sub-Processing

Chinafy uses Sub-Processors listed in Annex III.

Customers may object to new Sub-Processors within 10 days of notice.
Chinafy remains liable for Sub-Processor compliance.

7. International Transfers

If the DPA is executed:

 • EEA Transfers: Governed by the EU 2021 Standard Contractual Clauses (SCCs), included below.
 • UK Transfers: Governed by the UK International Data Transfer Addendum (Addendum B1.0).
 • Transfers from other jurisdictions follow appropriate legal safeguards (e.g., consent, contracts, adequacy).

8. Security Measures

See Annex II. Key measures include:

 • TLS/HTTPS encryption
 • IAM access controls
 • AWS CloudWatch monitoring
 • CDN segmentation and redundancy
 • Audit logging and infrastructure hardening

9. Data Retention and Deletion

Chinafy deletes Personal Data within 60 days of termination, unless retention is legally required.

10. Audit Rights

Enterprise Customers may request remote documentation, certifications, and summaries at most once annually.

11. Liability

Chinafy’s liability under this DPA is subject to the limitation of liability in the main Agreement.

12. Governing Law

Unless otherwise agreed:

 • EU SCCs: governed by English law
 • UK Addendum: governed by UK law
 • Other Customers: governed by Hong Kong SAR law

Execution & Legal Effect

This DPA is pre-signed by Chinafy and only becomes legally binding upon:

 • Customer’s valid execution of Annex I.A; OR
 • Reference to this DPA in a signed Enterprise Agreement or Order Form.
If this DPA is not executed, Chinafy is not a “Processor” and disclaims obligations under applicable data protection laws.

Standard Contractual Clauses (2021)

A. List of Parties

DATA  EXPORTER (CUSTOMER)

Legal Name: _____________________

Address: _____________________

Contact: _____________________

Role: Controller / Processor


DATA  IMPORTER 

Legal Name: Notey Limited

Address: Notey Limited: 4/F, Lee Garden Three, 1 Sunning Road, Causeway Bay, Hong Kong

Contact: privacy@notey.com

Role: Processor / Sub-Processor


Signature (Customer):

Name: _____________________

Title: ______________________

Date: ______________________


B. Description of Transfer

Described in Section 4 above.

C. Supervisory Authority

 • EU Customers: Supervisory authority in Customer’s member state
 • UK Customers: UK ICO

Annex II – Security Measures (TOMs)

 • TLS encryption (HTTPS)
 • AWS Shield, IAM controls
 • Access restriction to authorized personnel
 • Monitoring via AWS CloudWatch
 • Segmentation of data environments

Annex III – Sub-Processors

Please see Chinafy’s list of sub processors here: https://www.chinafy.com/subprocessors

UK Addendum Summary

The UK Addendum (version B1.0) applies when Customer is a UK entity. It incorporates the SCCs above with applicable UK-specific governance.




×

Notey will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at community@notey.com. We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.