Version: 1.0
Effective date: [INSERT DATE]
Main Agreement: [INSERT MASTER DPA / TERMS REFERENCE]

This Annex supplements the Data Processing Agreement ("DPA") between:

• Controller: [INSERT CUSTOMER LEGAL ENTITY]
• Processor: [INSERT PROVIDER LEGAL ENTITY]

It defines camera snapshot processing instructions for webhook-based camera integrations in BloomLightly.

1. Subject Matter and Duration

1.1. Subject matter: processing of camera snapshot and related webhook security data uploaded via authenticated endpoints to support farm operations/security monitoring configured by Controller.
1.2. Duration: from feature enablement until termination of Service (plus post-termination return/deletion period under Clause 10).

2. Nature and Purpose of Processing

2.1. Nature: collection, transmission, verification, storage, retrieval, display, and deletion of periodic still images and related metadata.
2.2. Purpose: provide customer-configured camera snapshot functionality and associated platform security/integrity controls; no independent profiling beyond security, anti-abuse, and service protection.

3. Categories of Data Subjects and Personal Data

3.1. Data subjects may include employees, contractors, visitors, delivery personnel, and other persons present in camera-covered areas.
3.2. Personal data categories may include still images (which may depict persons), timestamp, camera/device identifiers, source IP, technical headers, and security audit logs.

4. Documented Instructions (Article 28(3)(a) GDPR)

4.1. Processor shall process Camera Snapshot Data only on documented instructions of Controller, including this Annex, the DPA, and in-product configuration selected by Controller.
4.2. Controller configures and is responsible for: camera purpose, capture interval, resolution, retention choices, recipients/access rights, and lawful basis/transparency obligations.
4.3. If Processor believes an instruction infringes GDPR or other Union/Member State data protection law, Processor informs Controller without undue delay.

5. Confidentiality (Article 28(3)(b) GDPR)

5.1. Processor ensures persons authorized to process Camera Snapshot Data are bound by confidentiality obligations (statutory or contractual).

6. Security of Processing (Article 28(3)(c) and Article 32 GDPR)

6.1. Processor implements appropriate technical and organizational measures, including as applicable: (a) HTTPS/TLS transport encryption;
(b) secret-based webhook authentication;
(c) optional HMAC/timestamp validation and replay-window checks;
(d) request rate limiting, size/pixel constraints, and content validation;
(e) private storage outside public web paths with restricted permissions;
(f) role-based access controls and admin action logs;
(g) backup/recovery controls and secure deletion workflows;
(h) incident detection, containment, and response procedures.

6.2. Controller remains responsible for endpoint/device hardening, physical camera placement, and internal user access governance.

7. Subprocessing (Article 28(2) and 28(4) GDPR)

7.1. Controller grants [specific/general] authorization for subprocessors listed in Annex A.
7.2. Processor shall impose data protection obligations on subprocessors substantially equivalent to those in the DPA, including security and confidentiality requirements.
7.3. Processor remains liable for subprocessor performance to the extent required by Article 28 GDPR.

8. Assistance to Controller (Article 28(3)(e)-(f) GDPR)

8.1. Considering processing nature and available information, Processor assists Controller with: (a) responses to data subject requests;
(b) security obligations under Article 32;
(c) breach notification duties under Articles 33 and 34;
(d) DPIA/prior consultation support under Articles 35 and 36.

8.2. Assistance may be provided through platform features, support channels, and documented operational procedures.

9. Breach Notification

9.1. Processor notifies Controller without undue delay after becoming aware of a personal data breach affecting Camera Snapshot Data.
9.2. Notification includes available information required for Controller's risk assessment and statutory notifications.

10. Return and Deletion (Article 28(3)(g) GDPR)

10.1. Upon termination, Processor shall, at Controller's choice and subject to legal retention obligations:
(a) return Camera Snapshot Data in a structured form (where technically feasible), and/or
(b) delete Camera Snapshot Data and certify deletion on request.
10.2. Backups are deleted on rolling cycles, unless legal obligations require retention.

11. Audit and Information Rights (Article 28(3)(h) GDPR)

11.1. Processor makes available information necessary to demonstrate compliance with Article 28 obligations relevant to this Annex.
11.2. Controller may conduct audits (or mandate an independent auditor) under the audit framework of the main DPA, subject to confidentiality, security, and reasonable notice constraints.

12. International Transfers (Chapter V GDPR)

12.1. If processing involves transfer outside EEA/UK, Processor applies lawful transfer mechanism(s), such as adequacy decisions and/or Standard Contractual Clauses with supplementary safeguards where required.

13. Liability and Precedence

13.1. Liability is governed by the main agreement and mandatory law.
13.2. In case of conflict, this Annex prevails for camera-specific processing instructions; the DPA prevails over general commercial terms for data protection matters.

14. Controller Obligations Acknowledgment

14.1. Controller confirms responsibility for: (a) lawful basis and transparency (including signage where required);
(b) proportional camera deployment and minimization settings;
(c) handling data subject rights requests where Controller acts as controller;
(d) consultation with labor/privacy representatives where required by local law.

Annex A - Subprocessor List (Template)

• [Hosting provider, location, role, transfer mechanism]
• [Object storage provider, location, role, transfer mechanism]
• [Monitoring/logging provider, location, role, transfer mechanism]
• [Email/support provider, location, role, transfer mechanism]

Annex B - Camera TOM Baseline (Checklist)

• TLS enforced for ingest and management endpoints
• Webhook secret rotation supported
• Optional HMAC/timestamp enabled for camera hooks
• Replay and rate-limit controls enabled
• Upload size and pixel limits configured
• Metadata stripping/re-encode controls active (if enabled in system)
• Access logging and admin audit events retained per policy
• Incident response workflow documented and tested