BUZ Software – Data Processing Addendum

Last updated: 1 May 2026

This Data Processing Addendum (“DPA”) forms part of the BUZ Software
Terms & Conditions and applies to the extent BUZ processes personal information on
behalf of a Subscriber in providing the Service.

1. Roles of the Parties

The Subscriber is the controller of personal information uploaded to the Service.
BUZ acts as a service provider and processes personal information only to provide,
maintain and support the Service.

2. Compliance with Australian Privacy Law

BUZ will handle personal information in accordance with the Australian Privacy Act
1988 (Cth) and the Australian Privacy Principles.

3. Optional GDPR Scope

Where the Subscriber is subject to the GDPR, BUZ acts as a processor and will:

• process personal data only on documented instructions from the Subscriber;
• ensure appropriate security measures are in place;
• assist with data subject requests where reasonably required;
• notify the Subscriber of a confirmed personal data breach unless prohibited by law.

4. Security Measures

BUZ implements reasonable administrative, technical and physical safeguards to
protect personal information but does not guarantee absolute security.

5. Subprocessors

The Subscriber authorises BUZ to engage subprocessors to provide the Service.
BUZ remains responsible for subprocessors to the extent required by law.

6. Data Deletion

Upon termination or cancellation of the Service, personal information is deleted
in accordance with the Terms & Conditions unless BUZ is required by law to retain it.

7. Precedence

In the event of inconsistency between this DPA and the Terms & Conditions,
this DPA prevails in relation to data processing matters.