1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service and applies when OVVINEX processes Personal Data on behalf of customers in connection with the OVVINEX cloud platform and services.
This DPA is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
2. Definitions
Personal Data — any information relating to an identified or identifiable natural person.
Processing — any operation performed on Personal Data such as collection, storage, use, transfer, or deletion.
Controller — the entity that determines the purposes and means of processing Personal Data.
Processor — the entity that processes Personal Data on behalf of the Controller.
Subprocessor — third parties engaged by OVVINEX to process Personal Data.
3. Roles of the Parties
Under GDPR:
- Customer acts as Data Controller
- OVVINEX acts as Data Processor
OVVINEX processes Personal Data only according to Customer instructions and applicable laws.
4. Scope of Processing
OVVINEX may process Personal Data related to:
- Customer account users
- Customer clients or end-users
- Communication records
- System usage data
- Support interactions
Processing activities may include:
- Storage
- Organization
- Transmission
- Backup
- Security monitoring
5. Processing Instructions
OVVINEX processes Personal Data only:
- To provide the Services
- To maintain platform security
- To comply with legal obligations
- Based on documented customer instructions
6. Security Measures
OVVINEX implements technical and organizational security measures including:
- Encryption in transit
- Secure cloud infrastructure
- Access control and authentication systems
- Monitoring and logging
- Backup and disaster recovery systems
- Infrastructure isolation and containerization
7. Subprocessors
OVVINEX may use Subprocessors for:
- Cloud hosting infrastructure
- Email delivery services
- SMS or communication services
- Analytics services
All Subprocessors are contractually bound to comply with GDPR requirements.
A current list of Subprocessors may be provided upon request or published on the OVVINEX website.
8. International Data Transfers
Where Personal Data is transferred outside the European Economic Area (EEA), OVVINEX ensures appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
9. Data Breach Notification
OVVINEX will notify Customers without undue delay after becoming aware of a Personal Data breach affecting Customer data.
Notifications will include:
- Nature of the breach
- Likely consequences
- Measures taken or proposed
10. Data Retention and Deletion
Personal Data is retained:
- During active service use
- For backup and legal compliance purposes
Upon termination of Services, OVVINEX will:
- Delete Personal Data
OR - Return Personal Data to Customer (if technically feasible)
11. Assistance to Controller
OVVINEX will assist Customers in fulfilling GDPR obligations, including:
- Data subject requests
- Security assessments
- Breach investigations
- Compliance documentation
12. Audit Rights
Customers may request reasonable information demonstrating OVVINEX GDPR compliance.
Direct audits may be allowed where legally required and with reasonable notice.
13. Confidentiality
OVVINEX ensures that all personnel processing Personal Data are bound by confidentiality obligations.
14. Data Subject Rights
OVVINEX will assist Customers in responding to requests from data subjects regarding:
- Access
- Rectification
- Erasure
- Portability
- Restriction of processing
15. Liability
Each party is responsible for its own compliance with GDPR.
16. Contact
For GDPR or data protection inquiries:
Email: privacy@ovvinex.com
Legal: legal@ovvinex.com