Get started
Legal

Data Processing Addendum (DPA)

Please review this document carefully. If you have any questions, contact us at support@speedrecon.com .

Data Processing Addendum (DPA)

Effective Date: May 2026

This Data Processing Addendum (“DPA”) is incorporated into and forms part of the Terms of Service between Vencha Investments Ltd (“speedRecon”, “Processor”) and the customer (“Controller” or “you”).

1. Definitions

Capitalized terms used in this DPA shall have the meanings given to them in the Data Protection Act, 2012 (Act 843) of Ghana, unless otherwise defined herein.

2. Roles of the Parties

The parties acknowledge and agree that:

  • The Controller determines the purposes and means of the processing of Personal Data.
  • The Processor processes Personal Data on behalf of the Controller in accordance with the Controller’s instructions and the Terms of Service.

3. Scope of Processing

The Processor shall process Personal Data only as necessary to provide the Service to the Controller, including:

  • Hosting and storing data;
  • Providing technical support;
  • Performing backups and security maintenance;
  • Transmitting data as necessary for the functionality of the Service.

4. Processor’s Obligations

The Processor agrees to:

  • Process Personal Data only on documented instructions from the Controller, unless required to do so by law.
  • Ensure that persons authorized to process Personal Data are committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
  • Not transfer Personal Data to a third party or outside of Ghana without the Controller’s prior authorization, unless required by law or necessary for the provision of sub-processing services approved by the Controller.

5. Sub-Processors

The Processor may engage sub-processors (e.g., cloud hosting providers, email services, payment processors) to perform specific tasks. The Processor shall remain liable for the obligations of its sub-processors. The Controller acknowledges the use of the following standard sub-processors:

  • Cloud Infrastructure Providers (e.g., AWS, Azure, or DigitalOcean)
  • Payment Processors (e.g., Paystack)
  • Email Service Providers

6. Data Subject Rights

Taking into account the nature of the processing, the Processor shall assist the Controller in fulfilling its obligations to respond to requests from data subjects regarding the processing of their Personal Data (e.g., access, rectification, deletion, or portability requests).

7. Data Deletion and Return

Upon termination of the Terms of Service, or at the Controller’s request, the Processor shall delete or return all Personal Data to the Controller. The Processor may retain a copy of Personal Data where required by Ghanaian law to do so.

8. Audit and Cooperation

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

9. Contact

For all matters related to data processing and this DPA, please contact:

Vencha Investments Ltd
support@speedrecon.com
432/13 Alwaleed Bin Talal Highway, Mamobi, Accra, Ghana