Hubnity Data Processing Agreement
Last updated: June 22, 2026
This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Customer", "Controller") and FENS Trade FZ-LLC, operating as Hubnity ("Hubnity", "Processor", "we", "us", or "our"), for the use of the Hubnity services (the "Services"), as described in our Terms of Service and Privacy Policy.
This DPA applies where, and to the extent that, Hubnity processes Personal Data on behalf of the Customer in the course of providing the Services, and such processing is subject to applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR (together, "Data Protection Laws"). Where there is a conflict between this DPA and the rest of the Agreement on the subject of data protection, this DPA prevails.
1. Definitions
Terms such as "Personal Data", "Processing", "Controller", "Processor", "Data Subject", "Personal Data Breach", and "Supervisory Authority" have the meanings given to them in the Data Protection Laws. "Sub-processor" means any third party engaged by Hubnity to process Personal Data on behalf of the Customer.
2. Roles and Scope
The parties agree that, with respect to the Processing of Personal Data submitted to the Services by or on behalf of the Customer ("Customer Personal Data"), the Customer acts as the Controller and Hubnity acts as the Processor. Where the Customer itself acts as a processor for a third-party controller, Hubnity acts as a sub-processor.
Hubnity acts as an independent Controller for limited data it processes for its own purposes, such as account administration, billing, security, and improving the Services, as described in our Privacy Policy. This DPA does not apply to that processing.
3. Processing Instructions
Hubnity will process Customer Personal Data only on the Customer's documented instructions, including as set out in this DPA and the Agreement, and as necessary to provide the Services, unless required to do otherwise by applicable law (in which case Hubnity will, where legally permitted, inform the Customer). Hubnity will promptly inform the Customer if, in its opinion, an instruction infringes Data Protection Laws.
The Customer is responsible for ensuring it has a valid legal basis for the Processing, that its instructions are lawful, and—where the Services are used to monitor staff, including through screenshots and activity tracking—that it has provided all required notices and obtained all required consents from the relevant Data Subjects.
4. Confidentiality
Hubnity will ensure that persons authorized to process Customer Personal Data are bound by appropriate obligations of confidentiality and have received appropriate data protection training. Access is limited to personnel who need it to provide the Services.
5. Security
Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, Hubnity will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as further described in Annex 2. The Customer is responsible for the secure use of the Services on its side, including access management for its Users.
6. Sub-processors
The Customer provides a general authorization for Hubnity to engage Sub-processors to support the provision of the Services. Hubnity will:
- 1.impose data protection obligations on each Sub-processor that are no less protective than those in this DPA;
- 2.remain liable to the Customer for the performance of each Sub-processor's obligations;
- 3.make available a current list of Sub-processors and give the Customer reasonable prior notice of any intended addition or replacement, so the Customer has the opportunity to object on reasonable data protection grounds.
A current list of Sub-processors and the categories described in Annex 3 is available on request at info@hubnity.eu.
7. Assistance with Data Subject Rights
Taking into account the nature of the Processing, Hubnity will assist the Customer by appropriate technical and organizational measures, and through the functionality of the Services, in responding to requests from Data Subjects exercising their rights under Data Protection Laws. If Hubnity receives such a request directly, it will, where permitted, forward it to the Customer and will not respond except on the Customer's instructions or as required by law.
8. Assistance with Compliance
Hubnity will provide the Customer with reasonable assistance, taking into account the nature of Processing and the information available to Hubnity, with the Customer's obligations regarding security, Personal Data Breach notifications, data protection impact assessments, and prior consultations with Supervisory Authorities.
9. Personal Data Breach
Hubnity will notify the Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data, and will provide the Customer with information reasonably available to it to assist the Customer in meeting its breach notification obligations.
10. International Data Transfers
Hubnity and its Sub-processors may process Customer Personal Data in countries outside the Customer's own. Where Hubnity transfers Customer Personal Data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, the transfer will be governed by an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable), which are incorporated into this DPA by reference.
11. Deletion or Return of Personal Data
Upon termination or expiry of the Services, and at the Customer's choice, Hubnity will delete or return Customer Personal Data, and delete existing copies, unless applicable law requires continued storage. Hubnity may retain Customer Personal Data in routine backups for a limited period, during which it remains protected by this DPA and is then deleted in the ordinary course.
12. Audits and Information
Hubnity will make available to the Customer information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by the Customer or an auditor it mandates. Audits will be subject to reasonable notice, confidentiality obligations, and Hubnity's security and operational requirements, and may be satisfied by relevant third-party reports or certifications where available.
13. Liability and Precedence
Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement. In the event of a conflict, this DPA prevails over the rest of the Agreement with respect to data protection, and the Standard Contractual Clauses prevail over this DPA with respect to transfers they govern.
14. Governing Law
This DPA is governed by the same law and subject to the same jurisdiction as the Agreement, namely the laws of the United Arab Emirates as applied in the Emirate of Ras Al Khaimah, except where Data Protection Laws or the Standard Contractual Clauses require otherwise.
15. Contact
Questions about this DPA or requests to enter into a signed copy can be directed to our privacy team at info@hubnity.eu.
Annex 1 — Details of the Processing
- 1.Subject matter: provision of the Hubnity time tracking and team management Services.
- 2.Duration: for the term of the Agreement, plus any retention period described in this DPA and the Privacy Policy.
- 3.Nature and purpose: hosting, storage, and processing of Customer Personal Data to operate the Services, including time tracking, activity and productivity measurement, reporting, and support.
- 4.Types of Personal Data: identification and contact data (such as name, email, profile details), account and organization data, and usage and activity data (such as time entries, application and website usage, activity levels, and screenshots where enabled).
- 5.Categories of Data Subjects: the Customer's administrators, employees, contractors, and other authorized Users.
Annex 2 — Security Measures
Hubnity maintains appropriate technical and organizational measures, which may include:
- 1.encryption of data in transit and, where appropriate, at rest;
- 2.access controls, authentication, and least-privilege access for personnel;
- 3.network and application security controls and monitoring;
- 4.logging, backups, and resilience measures;
- 5.policies, confidentiality obligations, and training for personnel.
Annex 3 — Sub-processors
Hubnity engages Sub-processors in categories such as cloud hosting and infrastructure, payment processing, error monitoring and analytics, and communication and support tools. The current list is available on our Sub-processors page, or on request at info@hubnity.eu.