GDPR Data Protection Addendum
Last Updated: December 2, 2025
Version 1
Data Protection
GDPR Data Protection Addendum
Last Updated: December 3, 2025
Effective Date: December 3, 2025
1. Scope
This Addendum applies to processing of Personal Data of EU/EEA residents under GDPR (Regulation 2016/679).
2. Roles and Responsibilities
Controller: Customer determines purposes and means of processing
Processor: Milenial Procurments Inc. processes data on Controller's behalf
3. Lawful Basis for Processing
Processing is conducted under:
Contract performance (Article 6(1)(b))
Legitimate interests (Article 6(1)(f))
Consent where required (Article 6(1)(a))
4. Data Subject Rights
We assist Controllers in responding to:
Access: Right to obtain copy of Personal Data
Rectification: Right to correct inaccurate data
Erasure: Right to deletion ("right to be forgotten")
Portability: Right to receive data in portable format
Restriction: Right to limit processing
Objection: Right to object to processing
Response timeline: 30 days from verified request
5. International Data Transfers
Transfers outside EEA use:
EU Standard Contractual Clauses (SCCs)
Supplementary measures as required
Transfer Impact Assessments
6. Data Protection Impact Assessments
We assist Controllers with DPIAs for high-risk processing activities.
7. Records of Processing
We maintain records per Article 30 including:
Categories of processing activities
Data categories and recipients
Transfer mechanisms
Retention periods
Security measures
8. EU Representative
For EU inquiries: eu-representative@milenialinc.com
Address: [EU Representative Address]
9. Contact
Data Protection Officer: dpo@milenialinc.com