DATA PROCESSING AGREEMENT (DPA)

(Contains: Full Data Processing Agreement text)

Effective Date: January 1, 2026

This Data Processing Agreement (“Agreement” or “DPA”) forms part of the agreement between Customer (the “Controller”) and ROZOR dba Robotech Labs Inc. (the “Processor”). This DPA applies where ROZOR processes Personal Data on behalf of the Controller in connection with ROZOR’s products, services, software, or robotics systems.

1. Definitions

Terms such as “Personal Data,” “Processing,” “Controller,” “Processor,” and “Data Subject” shall have the meanings given in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. Scope and Purpose

ROZOR shall process Personal Data solely on documented instructions from the Controller for: providing and maintaining services, system diagnostics, support, security monitoring, and legal compliance.

3. Categories of Data and Subjects

• Data Subjects: Customer employees, authorized users, and (where unavoidable) facility occupants/patients.
• Personal Data: Identification data (name, email), contact details, system usage logs, device telemetry, and limited location data. Special categories (health data) are not intentionally processed unless explicitly agreed.

4. Processor Obligations

ROZOR shall: a) Process Personal Data only on documented instructions. b) Ensure authorized personnel are bound by confidentiality. c) Implement appropriate technical and organizational security measures. d) Assist the Controller in responding to Data Subject requests. e) Notify the Controller without undue delay of a Personal Data Breach. f) Delete or return Personal Data upon termination of Services. g) Make available information necessary to demonstrate compliance.

5. Security Measures

ROZOR implements industry-standard measures including access control, encryption, secure infrastructure, incident response, and regular assessments. (See Annex II below).

6. Sub-Processors & International Transfers

The Controller authorizes ROZOR to engage Sub-Processors with equivalent data protection obligations. For transfers outside the EEA/UK, ROZOR ensures safeguards such as EU Standard Contractual Clauses (SCCs).

7. Breach Notification & Audits

ROZOR shall notify the Controller regarding breaches with details on consequences and mitigation. Upon reasonable notice, the Controller may audit ROZOR’s compliance, subject to confidentiality and operational constraints.

8. Term, Termination & Liability

This DPA remains effective during the Processing of Personal Data. Upon termination, ROZOR shall return or delete data. Liability is subject to the main agreement limitations.

9. Governing Law

This DPA shall be governed by the laws of the Province of Ontario and the federal laws of Canada.

Annex I – Processing Details

• Subject Matter: Provision of robotics, software, and support services.
• Duration: Term of the Services.
• Nature: Collection, storage, access, transmission, deletion.
• Purpose: Service delivery and support.

Annex II – Technical and Organizational Measures

ROZOR maintains security controls including:

• Logical access controls & Physical security safeguards
• Network security and firewalls
• Incident response procedures & Secure development practices
• Vendor risk management

Contact for Data Protection Matters: ROZOR dba Robotech Labs Inc. 204-175 Longwood Rd. S, McMaster Innovation Park, ON, L8P0A1, Canada legal@rozor.ai