Between:
SRI Group BV (“Processor”)
and
Client (“Controller”)

​

1. Roles

For purposes of GDPR:

Client = Data Controller
SRI Group BV = Data Processor

Processor acts only on documented instructions of the Controller.

​

2. Scope of Processing

Processing activities may include:

• AI systems architecture

• Workflow automation

• Knowledge infrastructure

• Data analysis

• AI integration​

​

3. Categories of Data

As determined by Controller. May include:

• Customer data

• Employee data

• Business contact data

• Operational records

​

4. Processor Obligations

Processor shall:

• Process data only on documented instructions

• Ensure confidentiality

• Implement appropriate security measures

• Assist with GDPR compliance

• Notify Controller of data breaches without undue delay

• Delete or return data upon termination

​

5. Subprocessors

Processor may engage subprocessors (e.g., cloud providers).

Processor ensures equivalent data protection obligations via contractual agreements.

​

6. Security

Security measures include:

• Role-based access control

• Encryption where applicable

• Secure hosting infrastructure

• Internal access policies

​

7. AI Training Restriction 

Client data shall not be used to train general-purpose AI models or shared across clients unless explicitly agreed in writing.

This protects you against enterprise red flags.

​

8. Data Deletion

Upon termination, Processor shall:

• Return data, or

• Securely delete data

As instructed by Controller.

​

9. Governing Law

This DPA is governed by Belgian law.