Last Updated: 29 March 2026
1. Introduction
This Data Processing Agreement (“DPA”) is entered into between Ovomox (“Ovomox”, “Processor”) and the Customer (“Controller”). This DPA governs the processing of Personal Information by Ovomox on behalf of the Customer in the course of providing our audio and video streaming management services.
2. Definitions
- Personal Information: Any information relating to an identified or identifiable natural person processed by Ovomox for the Customer.
- Data Protection Laws: Applicable laws governing the processing of personal data, including GDPR and UK GDPR.
- Sub-Processor: Any third-party engaged by Ovomox to process data.
3. Roles and Scope
Customer is the data controller, and Ovomox is the data processor. Ovomox processes data for the purpose of performing its obligations under the Service Agreement, including video/audio streaming, analytics, and account management.
4. Roles and Responsibilities
The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller and Ovomox is the Processor. Ovomox shall process Personal Data only on the documented instructions of the Customer, including with regard to transfers of personal data to a third country or an international organization.
4. Security Measures
Ovomox implements reasonable physical, technological, and administrative controls to safeguard the confidentiality and integrity of Personal Information. We maintain standards comparable to SOC 2 Type 2 for our information security practices.
5. Sub-Processors
Ovomox may engage sub-processors to assist in providing services. We remain liable for the acts and omissions of our sub-processors. A list of current sub-processors is available upon request at legal@ovomox.com.
7. Data Subject Rights
Ovomox shall, to the extent legally permitted, promptly notify Customer if it receives a request from a Data Subject to exercise their rights under Data Protection Laws. Ovomox shall assist Customer by appropriate technical and organizational measures for the fulfillment of Customer’s obligation to respond to such requests.
6. Data Transfers
Personal Information may be transferred to and processed in countries outside the EEA or the UK. We ensure such transfers are protected by adequate safeguards, including Standard Contractual Clauses (SCCs).
7. Breach Notification
Ovomox will notify the Customer of any data breach promptly after confirming the breach. We will provide reasonable assistance to the Customer in mitigating the impact and complying with notification obligations.
8. Returning or Deleting Data
Upon termination of the agreement, Ovomox will, at the Customer’s choice, delete or return all Personal Information, unless legal obligations require continued storage.
9. Corporate Information
Ovomox is a subsidiary of Ivx Group.
Company No. 17080224
Registered Address: Suite 70, 60 Tottenham Court Road London, W1T 2EW, United Kingdom.
10. Contact Information
For compliance matters, please contact legal@ovomox.com.
ANNEX 1: Details of Processing
Subject Matter: The subject matter of the processing is the provision of audio and video streaming management services.
Duration: The duration of the processing is the term of the Agreement.
Nature and Purpose: To provide, maintain, and improve the streaming control panel services and technical support.
Data Categories: IP addresses, usage data, broadcaster metadata, and any personal information included in the audio/video streams by the Customer.
Data Subjects: End-users (listeners/viewers) of the Customer’s streams and Customer’s authorized staff.
ANNEX 2: Security Measures
Ovomox maintains administrative, physical, and technical safeguards including:
- Secure access controls and authentication.
- Data encryption at rest and in transit.
- Regular vulnerability scanning and security patches.
- Employee training on data privacy and security.
- Physical security of data centers provided by sub-processors (e.g., AWS, Google Cloud).