Data Processing Addendum
Annex C: Data Processing
This Data Processing Addendum (Annex C) forms part of your broader Agreement with us. For details of all the parts of our Agreement and how they are read together, see Dataweavers Legal | Terms of Service.
Latest Version | January 2026
This Annex C describes how Personal Data is processed by Dataweavers in delivering the Services, including the roles of the parties, the categories of Personal Data involved, and the purposes and locations of processing.
Dataweavers provides the Services using a customer-controlled deployment model, where Customer Data is primarily processed and stored within the Customer’s Microsoft Azure tenant. This model is designed to limit data movement, reduce exposure to third parties, and provide Customers with greater control over their data environment.
All processing is carried out in accordance with the Customer’s documented instructions and in compliance with applicable Data Protection Laws and the security measures set out in this DPA.
Section A: List of Parties
| Data Exporter | The Data Exporter is the entity identified as “Customer” in this DPA, a customer of the Data Importer’s services. |
| Data Importer | The Data Importer is Dataweavers, a provider of experience management software, and its Affiliates. |
| Data Subjects | The Data Exporter’s employees, end users, customers and consumers. |
Section B: Details of Data Processing
The Data Importer may receive any Customer Data transferred by the Customer. The precise Personal Data that the Data Exporter will transfer will be determined and controlled solely by the Data Exporter but may include Personal Data concerning the following categories of data:
| Details of Data Processing | Particulars |
| Categories of Users’ Personal Data Processed |
|
| Categories of Consumers’ Personal Data Processed |
|
| Data Controller/ Data Processor roles | Customer is Data Controller. Dataweavers is Data Processor for Customer. Partner acts as a subprocessor (processor) on behalf of Dataweavers for Customer Data, solely to provide the Services and in accordance with Dataweavers documented instructions. |
| Sensitive data transferred | No special categories of data are intended to be processed and Restricted Data is excluded from scope. |
| Purpose of the data transfer |
Enabling and supporting Dataweavers provision of the Services to the Customer, including service functionality, support, maintenance, and security, in accordance with Customer and Dataweavers instructions. |
| Locations of Processing and storage |
Primary processing and storage locations: Customer Data is primarily processed and stored within Microsoft Azure data centers located in the customer’s selected Azure region(s), in the customer’s Microsoft Azure tenant (or a customer-nominated Azure tenant) where the Arc environment is deployed. Core compute, storage, networking, and production solution data remain within that customer-controlled environment. Dataweavers does not operate Arc as a shared multi-tenant service for customer production data. The Arc control plane does not store or process customer application or production data. Dataweavers may process limited operational metadata and support-related information outside the customer environment where necessary to operate and support the Services, including environment configuration, site identifiers, deployment status, platform configuration details, organization name, contact details, and support ticket history. Dataweavers’ internal operational systems supporting Arc are hosted within Microsoft Azure in the following regions: Australia East, Australia Southeast, US East, and US West. Customer application and production data remain within the customer’s Azure tenant and are not transferred to or stored within Dataweavers operational tools or the Arc control plane, except where expressly directed by the customer or required by applicable law. Support access locations: Authorized Dataweavers support, engineering, and operations personnel may remotely access the customer environment from Australia, the United States, Sri Lanka, Vietnam, the United Kingdom, Poland, and Colombia where required to deploy, operate, maintain, or support the Services. Such access is limited to authorized personnel on a least privilege and need-to-know basis and is subject to customer-tenant access controls, role-based access control, multi-factor authentication, logging, confidentiality obligations, and internal security procedures. Direct access to stored customer data is not enabled for support personnel by default. Application components access dependent resources using managed identity. Where specifically requested by the customer, Dataweavers may assist the customer to generate data exports within that environment. Customer Data is not transferred outside the customer environment by Dataweavers unless expressly directed by the customer or required by applicable law. Onward transfers: Dataweavers does not transfer customer application or production data outside the customer’s Azure environment as part of the ordinary provision of the Services. Any such transfer occurs only where expressly requested by the customer or required by applicable law. Limited support-related information and operational metadata may be captured, processed, and stored within Dataweavers support and operational systems, including authorized subprocessors identified in ANNEX B: Subprocessors and their applicable processing locations. Such information may include organization name, contact details, support ticket content, service configuration details, deployment status, and similar service management information. |