Data Processing Agreement

Hagen Automation Ltd

Company registered in England and Wales Number 09894246

info@hagenautomation.com | robovigil.com

Version 1.1

Last updated: February 2026

This document forms part of the RoboVigil Licence Agreement

See also: RoboVigil Platform Privacy Policy (separate document)

This Data Processing Agreement (“DPA”) forms part of the RoboVigil Licence Agreement between Hagen Automation Ltd (the “Processor”) and you (the “Controller”) and governs the processing of personal data by the Processor on behalf of the Controller in connection with the RoboVigil Platform.

This DPA is entered into pursuant to Article 28 of the UK GDPR.

1. Definitions

Terms used in this DPA have the meanings given in the UK GDPR, the RoboVigil Licence Agreement, and the RoboVigil Platform Privacy Policy. Additionally:

  • “Controller Personal Data” means personal data that the Controller uploads to, transmits through, or generates via the Platform, and which the Processor processes on the Controller’s behalf.
  • “Data Protection Laws” means the UK GDPR, the Data Protection Act 2018, and any applicable subordinate legislation.
  • “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Controller Personal Data.
  • “Approved Sub-Processor List” means the list of sub-processors set out in Schedule 1 of this DPA and in the RoboVigil Platform Privacy Policy.

2. Scope and Purpose of Processing

2.1 Subject Matter and Data Minimisation

The Processor provides a cloud-based industrial monitoring platform that collects machine telemetry via OPC-UA, relays camera feeds, generates alerts, and calculates performance metrics.

The Platform is designed to minimise personal data processing. It primarily processes machine telemetry data, which typically does not contain personal data unless configured by the Controller to include user-identifying fields.

2.2 Processing Details

Element | Detail
Nature of processing | Collection, storage, transmission, analysis, display, and AI-assisted classification of industrial machine data and camera feeds
Purpose | To provide the RoboVigil monitoring service as described in the Licence Agreement
Duration | For the term of the Controller’s subscription plus a 90-day data deletion period
Categories of data subjects | Controller’s employees, contractors, and visitors who may appear in camera feeds; Controller’s authorised Platform users
Types of personal data | Names, email addresses, device identifiers, IP addresses, authentication tokens, images of individuals captured by connected cameras

3. Processor Obligations

The Processor shall:

  • Process Controller Personal Data only on the Controller’s documented instructions, unless required to do so by applicable law. Where the Processor is required by law to process Controller Personal Data, the Processor shall inform the Controller of that legal requirement before processing, unless prohibited from doing so by law.
  • Ensure that persons authorised to process Controller Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Implement and maintain the technical and organisational security measures described in Schedule 2 of this DPA.
  • Not engage any sub-processor without the Controller’s prior general authorisation. The current list of approved sub-processors is set out in Schedule 1. The Controller hereby provides general authorisation for the sub-processors listed in Schedule 1.
  • Notify the Controller of any intended changes to sub-processors, giving the Controller 30 days to object. If the Controller raises a reasonable objection and no alternative is available, either party may terminate the affected service component.
  • Taking into account the nature of the processing, assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to data subject requests.
  • Assist the Controller in ensuring compliance with obligations relating to security of processing, notification of Security Incidents, data protection impact assessments, and prior consultation with the ICO, taking into account the nature of processing and the information available to the Processor.
  • At the Controller’s choice, delete or return all Controller Personal Data within 90 days after termination of the service, and delete existing copies unless applicable law requires retention.
  • Make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits and inspections as set out in Section 7.

4. Controller Obligations

The Controller shall:

  • Ensure that it has a lawful basis for providing personal data to the Processor.
  • Be solely responsible for ensuring compliance with Data Protection Laws in respect of any camera feeds connected to the Platform, including providing appropriate notices to and obtaining any necessary consents from individuals who may be captured by such cameras.
  • Provide documented processing instructions to the Processor.
  • Ensure that its use of the Platform complies with all applicable laws.

5. Security Incident Notification

The Processor shall notify the Controller without undue delay, and where feasible within 48 hours, after becoming aware of a Security Incident affecting Controller Personal Data. The notification shall include:

  • A description of the nature of the Security Incident, including where possible the categories and approximate number of data subjects and records concerned.
  • The name and contact details of the point of contact from whom more information can be obtained.
  • A description of the likely consequences of the Security Incident.
  • A description of the measures taken or proposed to be taken to address the Security Incident, including measures to mitigate its possible adverse effects.

The Processor shall cooperate with the Controller and take reasonable steps to assist in the investigation, mitigation, and remediation of any Security Incident.

6. International Transfers

The Processor shall not transfer Controller Personal Data outside the United Kingdom except to approved sub-processors listed in Schedule 1, operating under adequate safeguards including the UK-US Data Privacy Framework, UK Standard Contractual Clauses, or an applicable adequacy decision.

7. Audit Rights

The Controller may audit the Processor’s compliance with this DPA once per calendar year, upon 30 days’ written notice.

Audits will normally be satisfied by the Processor providing relevant compliance documentation, certifications, security questionnaire responses, or third-party audit reports. Where such documentation does not reasonably address the Controller’s concerns, the Controller may request a remote review with the Processor.

On-site inspections shall only be conducted where remote audit methods are insufficient to address a specific, documented compliance concern. On-site audits shall be conducted during normal business hours and shall not unreasonably interfere with the Processor’s operations.

The Controller shall bear its own costs in conducting any audit.

8. Law Enforcement and Legal Disclosure

The Processor may disclose Controller Personal Data if required to do so by law, regulation, court order, or other governmental request. Where legally permitted, the Processor will notify the Controller of any such request before disclosure.

9. Liability

The liability of each party under this DPA is subject to the limitations and exclusions set out in the RoboVigil Licence Agreement.

10. Term and Termination

This DPA shall remain in effect for the duration of the Controller’s subscription to the Platform. Upon termination, the Processor’s obligations under Section 3 shall continue with respect to any Controller Personal Data retained during the 90-day deletion period.

11. Governing Law

This DPA shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction over any dispute arising from this DPA.

12. Contact

For any queries regarding this DPA or data protection matters:

Hagen Automation Ltd

Email: info@hagenautomation.com

Website: robovigil.com

SCHEDULE 1: APPROVED SUB-PROCESSORS

The following sub-processors are authorised by the Controller under this DPA:

Sub-Processor | Purpose | Data Location
Hetzner Online GmbH | Cloud server hosting, database storage | Germany (EU)
Google (Firebase) | Authentication, push notifications (FCM) | EU/US (Data Privacy Framework)
Stripe, Inc. | Payment processing, subscription management | EU/US (Data Privacy Framework)
Apple Inc. | Push notifications (APNs), App Store distribution | US (Data Privacy Framework)
Google LLC | Push notifications (FCM), Play Store distribution | EU/US (Data Privacy Framework)
Anthropic PBC | AI classification of machine configuration metadata; data analysis features | US (Standard Contractual Clauses)

The Processor will notify the Controller of any changes to this list, giving 30 days’ notice before engaging a new sub-processor. Notifications will be provided by updating this document and, where reasonably practicable, by notice within the Platform.

SCHEDULE 2: TECHNICAL AND ORGANISATIONAL MEASURES

The following measures are implemented by the Processor to protect Controller Personal Data:

A. Access Control

  • Firebase Authentication with multi-provider support (Apple, Google, email)
  • Role-based access control (admin and standard user roles)
  • Automatic session expiry and token refresh via WebSocket
  • Individual user accounts with unique credentials per tenant

B. Network Security

  • All data in transit encrypted via TLS 1.2+
  • Encrypted VPN tunnels (WireGuard) for all machine and camera data
  • Nginx reverse proxy with restricted access to backend services
  • Firewall rules restricting inbound access to required ports only
  • Per-tenant VPN relay containers providing network isolation

C. Data Isolation

  • Multi-tenant architecture with database-level tenant separation
  • Per-tenant VPN relay containers for machine and camera traffic
  • Tenant-scoped API access enforced at the service layer

D. Infrastructure Security

  • Dedicated cloud server (Hetzner, Germany)
  • Automated health monitoring with service recovery
  • Log rotation to prevent uncontrolled data accumulation
  • Regular database backups with tested recovery procedures
  • Dockerised microservice architecture with controlled deployment

E. Camera and Surveillance Data

  • Camera feeds streamed in real time via encrypted VPN tunnels; not recorded unless triggered by alert rules
  • Alert snapshots generated only by customer-defined alert rules
  • No facial recognition, biometric analysis, or identity detection
  • Push notifications contain only minimal alert metadata; no camera images

F. AI Processing

  • Machine configuration metadata sent to Anthropic for classification does not contain personal data
  • Anthropic does not use customer data for model training
  • Data analysis features limited to machine telemetry and operational data

G. Organisational Measures

  • Access to production systems restricted to authorised personnel
  • Authorised support personnel may access customer environments only when necessary for troubleshooting and under confidentiality obligations
  • Security review of codebase and infrastructure prior to commercial release
  • Sub-processor due diligence and contractual data protection obligations
  • Documented incident response procedure


© 2026 Hagen Automation Ltd. All rights reserved.