Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") forms part of the agreement between Adminflow ("the Processor") and our customers ("the Controller") regarding the processing of personal data. This agreement ensures that all personal data is handled in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Purpose
This DPA outlines the responsibilities and obligations of Adminflow in processing personal data on behalf of the Controller. It ensures that both parties comply with applicable data protection regulations, including GDPR.
2. Scope of Processing
Adminflow processes personal data solely for the purposes specified in the main agreement between Adminflow and the Controller. We process the following categories of personal data:
- Data subjects: Users, employees, or other individuals related to the Controller.
- Types of personal data: Names, contact details, system usage information, and any other relevant data provided to Adminflow by the Controller.
3. Obligations of the Processor (Adminflow)
Adminflow, as the Processor, agrees to the following responsibilities:
- Compliance with Instructions: We will only process personal data based on the Controller's written instructions, including any instructions related to transfers of personal data outside the European Economic Area (EEA), unless otherwise required by law.
- Confidentiality: Adminflow ensures that all personnel authorized to process personal data are bound by confidentiality obligations.
- Security: We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, loss, or destruction, in compliance with Article 32 of the GDPR.
- Sub-processors: We may engage sub-processors to assist in the provision of our services. In such cases, Adminflow ensures that sub-processors are contractually bound by the same data protection obligations as outlined in this DPA. The Controller will be notified in advance of any changes to sub-processors.
- Assistance to the Controller: Adminflow will assist the Controller in fulfilling its obligations concerning data subjects' rights, data protection impact assessments, and compliance with security measures.
4. Obligations of the Controller
The Controller has the following responsibilities:
- Legal Basis: The Controller must ensure that there is a lawful basis for collecting and processing personal data under GDPR.
- Accuracy and Integrity: The Controller is responsible for ensuring the accuracy and integrity of the personal data shared with Adminflow.
- Data Subjects' Rights: The Controller is responsible for handling requests from data subjects, including requests for access, rectification, or deletion of personal data, with the assistance of Adminflow when necessary.
5. Data Transfers
Adminflow may transfer personal data to countries outside the EEA, provided that such transfers comply with GDPR requirements. Appropriate safeguards, such as Standard Contractual Clauses (SCCs), will be in place to ensure the protection of personal data during these transfers.
6. Security Measures
Adminflow has implemented robust technical and organizational security measures, including:
- Encryption: All personal data is encrypted both in transit and at rest.
- Access Control: Access to personal data is restricted based on role-based access permissions.
- Regular Audits: We conduct regular audits and assessments of our data security practices to ensure compliance with GDPR and industry best practices.
7. Personal Data Breaches
In the event of a personal data breach, Adminflow will:
- Notify the Controller without undue delay once aware of the breach.
- Provide the Controller with all necessary information to fulfill its obligations under GDPR, including steps taken to mitigate the impact of the breach.
8. Deletion or Return of Data
Upon termination of the agreement, Adminflow will either delete or return all personal data to the Controller, as requested. Any existing copies of the data will also be deleted unless storage is required by law.
9. Audits
The Controller may request an audit to verify Adminflow's compliance with the DPA. Adminflow agrees to provide all necessary information to demonstrate compliance and facilitate such audits.
10. Duration
This DPA remains in effect for as long as Adminflow processes personal data on behalf of the Controller, in accordance with the terms of the main agreement between the parties.
11. Amendments
This DPA may be amended only with written consent from both parties. Any amendments must comply with GDPR and any other applicable data protection laws.
12. Governing Law
This DPA is governed by the laws of the country in which Adminflow is established, and any disputes arising from it will be subject to the exclusive jurisdiction of the competent courts in that jurisdiction.
For further questions or clarifications regarding this DPA, please contact: