OPSKAP OS

Data Processing Agreement (DPA)

Last updated: 2026-06-30

This DPA forms part of the Terms of Service between OÜ OPSKAP SYSTEMS (“Processor”) and the customer (“Controller”) and applies where we process personal data on the Controller’s behalf.

Roles & instructions

The Controller determines the purposes and means; the Processor processes personal data only on the Controller’s documented instructions, which include providing the Service.

Processor obligations

Sub-processors

The Controller grants general authorisation to the sub-processors in the Privacy Policy. We give at least 30 days’ notice of changes; the Controller may object on reasonable data-protection grounds and, failing resolution, terminate the affected Service. We remain liable for our sub-processors.

International transfers

Transfers outside the EEA are covered by adequacy decisions, the EU Standard Contractual Clauses, or the UK IDTA, with appropriate safeguards.

Annex 1 — Details of processing

Annex 2 — Security measures

Row-level security and per-user isolation; encryption in transit (TLS); private file storage with signed-URL access; access controls and least privilege; regular backups; breach-response procedures.

Execution

To execute a signed DPA, contact [[email protected] — your real contact email].

This document is provided for convenience and is not legal advice.