Last updated: 2026-06-30
This DPA forms part of the Terms of Service between OÜ OPSKAP SYSTEMS (“Processor”) and the customer (“Controller”) and applies where we process personal data on the Controller’s behalf.
The Controller determines the purposes and means; the Processor processes personal data only on the Controller’s documented instructions, which include providing the Service.
The Controller grants general authorisation to the sub-processors in the Privacy Policy. We give at least 30 days’ notice of changes; the Controller may object on reasonable data-protection grounds and, failing resolution, terminate the affected Service. We remain liable for our sub-processors.
Transfers outside the EEA are covered by adequacy decisions, the EU Standard Contractual Clauses, or the UK IDTA, with appropriate safeguards.
Row-level security and per-user isolation; encryption in transit (TLS); private file storage with signed-URL access; access controls and least privilege; regular backups; breach-response procedures.
To execute a signed DPA, contact [[email protected] — your real contact email].
This document is provided for convenience and is not legal advice.