Jetstream MX(203) 941-0986(203) 941-0986
Service RequestWork AuthBlogCareersCall Now: (203) 941-0986Request Service

Data Processing Addendum

Last updated: November 12, 2025

For B2B customers who engage JetstreamMX LLC to process personal data on their behalf (e.g., contact details within WOAs, service coordination, or records hosted in our systems), this DPA forms part of our agreement. If you need a countersigned copy, email accounts@jetstreammx.com.

1) Scope & Roles

Controller / Business: Customer (and, as applicable, its affiliates).

Processor / Service Provider: JetstreamMX LLC (and, as applicable, its affiliates).

This DPA governs JetstreamMX’s processing of Customer Personal Data solely to provide contracted services and as documented in the agreement and this DPA.

2) Nature & Purpose of Processing

Subject matter: B2B contact and operations data necessary to deliver AOG maintenance, diagnostics, dispatch, documentation, invoicing, and support.

Duration: Term of the agreement plus any return/transition and legally required retention.

Data subjects: Customer personnel, operators/crew, contacts at related vendors/partners.

Types of data: Names, business contact details, role/title, communications, job/WOA metadata, limited payment metadata (no full card numbers stored by JetstreamMX), and operational documentation references.

3) Processor Obligations

JetstreamMX shall:

  • Process data only on Customer’s documented instructions (including via the agreement and ticketing/workflows).
  • Maintain appropriate technical and organizational measures (access control, encryption in transit, vendor due-diligence, least privilege, and incident response).
  • Ensure confidentiality commitments for personnel with access.
  • Assist Customer with data subject requests, security, DPIAs, and consultations relative to our processing.
  • Delete or return Customer Personal Data upon termination (subject to legal/aviation retention requirements and backups that roll off per standard cycles).
  • Keep records of processing and make available information necessary to demonstrate compliance.
  • Allow reasonable audits (including by questionnaire or third-party reports) no more than annually and subject to confidentiality and safety restrictions.
  • Obtain Customer’s authorization for sub-processors; maintain an up-to-date list on request and flow down equivalent obligations; provide prior notice of changes with a right to object on reasonable, documented grounds.

4) International Transfers

Where Customer Personal Data originating from the EEA/UK/Switzerland is transferred to JetstreamMX in the U.S. or to other non-adequate jurisdictions, the parties incorporate the EU Standard Contractual Clauses (SCCs) (Commission Implementing Decision (EU) 2021/914).

Module 2 (Controller → Processor) and, if applicable, Module 3 (Processor → Processor) apply for onward transfers to sub-processors.

The SCCs are deemed completed as follows: Annex I (parties, data categories, purpose/duration as above), Annex II (security measures summarized in Section 3 and our Privacy Policy), and Annex III (sub-processor list available on request).

For UK transfers, the UK Addendum/UK IDTA will apply; for Switzerland, references to EU law include the FADP as required.

5) U.S. State Law Alignment

JetstreamMX will act as a “service provider/processor” under applicable U.S. state privacy laws (e.g., CPRA/CCPA, CTDPA, CPA, VCDPA, UCPA), and shall not sell or share Customer Personal Data or use it for cross-context behavioral advertising or purposes other than those specified by Customer.

6) Security Incidents

JetstreamMX will notify Customer without undue delay after becoming aware of a confirmed personal data breach affecting Customer Personal Data, providing details reasonably available at the time and cooperating on remediation and notifications.

7) Liability & Priority

Each party’s liability is as set out in the underlying agreement; where terms conflict, the SCCs (for in-scope transfers) and this DPA control over the main agreement to the extent required by law.

8) Contact & Execution

Data protection contact: mx_sales@jetstreammx.com.

This DPA is effective upon execution of the main agreement or upon written acceptance (including e-signature). Customer may request a counter-signed PDF and sub-processor list at any time.