# GateWise NG Data Processing Addendum

Effective date: 25th May, 2026.

This Data Processing Addendum ("DPA") applies when GateWise NG processes personal data on behalf of a Customer under a subscription, order form, service agreement, or other written agreement.

This DPA is intended to support responsible data processing for estate visitor-management and related services. If there is a conflict between this DPA and a signed agreement, the signed agreement controls to the extent of the conflict.

## 1. Parties

"Customer" means the estate, estate association, property manager, company, or other organization using GateWise.

"GateWise" means Globulus Technology Limited acting through the GateWise NG product.

## 2. Roles

For personal data entered into GateWise by or for a Customer, the Customer generally determines the purpose and means of processing. GateWise generally processes that data to provide the service.

Depending on the activity, GateWise may act as:

- a processor for customer-managed estate, resident, guard, visitor, and operational data
- a controller for its own account administration, billing, platform security, legal compliance, and business operations
- a joint or independent controller where law or the facts require that classification

The parties will cooperate in good faith to clarify roles where needed.

## 3. Processing Instructions

GateWise will process Customer personal data only:

- to provide, secure, support, maintain, and improve GateWise
- according to the Customer's documented instructions
- as required by applicable law
- as described in the agreement, this DPA, and GateWise policies

If GateWise believes an instruction violates applicable law, GateWise may notify the Customer and suspend the instruction until resolved.

## 4. Processing Details

Subject matter: estate visitor-management, account management, access-support operations, reporting, onboarding, billing support, notifications, and customer support.

Duration: for the term of the Customer's subscription or agreement, plus any retention period required for legal, safety, billing, audit, or dispute purposes.

Nature and purpose: collection, recording, storage, organization, retrieval, use, disclosure to authorized users, support, deletion, anonymization, and other processing needed to provide GateWise.

Categories of data subjects:

- estate administrators
- security supervisors
- guards
- residents
- visitors
- sales partners where enabled
- support contacts

Categories of personal data:

- names and contact details
- roles and permissions
- estate and unit references
- visitor pass and access records
- check-in and checkout records
- incident and support records
- payment and subscription references
- technical, usage, and security data

Sensitive data: GateWise does not require Customers to submit sensitive data unless a feature, legal obligation, or customer policy requires it. Customers should avoid submitting unnecessary sensitive data.

## 5. Customer Obligations

Customer will:

- provide lawful instructions to GateWise
- ensure it has a lawful basis for personal data submitted to GateWise
- provide required notices to residents, guards, visitors, staff, and other users
- keep user access accurate and limited to authorized persons
- respond to privacy requests where Customer controls the data
- use GateWise according to applicable law and agreement terms
- promptly notify GateWise of suspected unauthorized access or incorrect data

## 6. GateWise Obligations

GateWise will:

- process Customer personal data only for authorized purposes
- use reasonable safeguards to protect personal data
- limit staff and partner access to authorized needs
- require confidentiality from personnel with access to personal data
- assist with privacy requests where reasonably required
- notify Customer of confirmed personal data incidents where required
- delete, return, or anonymize Customer personal data at the end of service as described in the agreement and policies

## 7. Confidentiality

GateWise will ensure that personnel authorized to process Customer personal data are subject to confidentiality obligations or a professional duty of confidentiality.

## 8. Security Measures

GateWise will maintain appropriate technical and organizational measures designed to protect Customer personal data against unauthorized access, loss, misuse, alteration, and disclosure.

Security measures may include access controls, authentication, role-based permissions, audit records, provider review, protected support workflows, incident response procedures, and periodic review.

GateWise does not publish detailed internal security configurations or defensive procedures.

## 9. Subprocessors

Customer authorizes GateWise to use service providers needed to provide GateWise, including providers for hosting, communications, payments, analytics, support, and security.

GateWise will require subprocessors to protect personal data and process it only for authorized purposes. GateWise remains responsible for its subprocessors to the extent required by applicable law and agreement terms.

GateWise may maintain a public or customer-available subprocessor list. Customers may object to a new subprocessor where required by the applicable agreement.

## 10. International Transfers

GateWise and its subprocessors may process data in countries outside the Customer's location. GateWise will apply appropriate safeguards required by applicable law.

## 11. Privacy Requests

If GateWise receives a privacy request about Customer-controlled data, GateWise may direct the requester to the Customer or assist the Customer in responding.

Customer is responsible for deciding whether to approve access, correction, deletion, anonymization, or objection requests where Customer controls the data.

## 12. Personal Data Incidents

GateWise will notify Customer without undue delay after confirming a personal data incident affecting Customer personal data, where notice is required by law or agreement.

Notice may include available information about the nature of the incident, affected data categories, likely consequences, actions taken, and recommended Customer steps.

## 13. Audit and Information

GateWise will provide reasonable information needed to demonstrate compliance with this DPA, subject to confidentiality, security, and protection of other customers.

Any audit must be reasonable, limited, scheduled in advance, and must not compromise GateWise security, operations, or other customer data.

## 14. Return, Deletion, and Anonymization

At termination, GateWise will handle Customer personal data according to the agreement and the Data Retention and Deletion Policy.

GateWise may delete, return, or anonymize data. Where data is anonymized, direct identifiers are removed, masked, or replaced so the record is no longer reasonably linked to an identifiable person.

GateWise may retain limited data where required for legal, billing, tax, security, audit, dispute, or backup reasons.

## 15. Liability

Liability under this DPA is governed by the applicable customer agreement.

## 16. Contact

For DPA questions, contact:

Globulus Technology Limited
Email: privacy@gatewise.ng
Phone: +234 8037 552 346