Full logo
Start Free Trial

Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement ("DPA") applies when you use OPS360 for business purposes where personal data is processed. This DPA is between you (the "Data Controller") and Delisys Technologies Ltd ("Data Processor").

This DPA supplements our Privacy Policy and Terms of Service.

2. Key Definitions

  • Data Controller: Your organization that determines how personal data is processed
  • Data Processor: Delisys Technologies Ltd, processing data on your behalf
  • Personal Data: Information about identifiable individuals
  • Data Subjects: The individuals whose data is being processed (your employees, customers, etc.)

3. What We Process

3.1 Processing Activities

We process personal data to provide:

  • Platform services (user accounts, projects, tasks)
  • Communication services (chat, WhatsApp, notifications)
  • File management (storage, sharing, version control)
  • E-signature services (digital signing, identity verification)
  • Payment processing (invoices, transactions)
  • Mobile services (location, camera, offline storage)
  • AI services (chatbot, automated processing)
  • Site audit services (location tracking, reporting)

3.2 Types of Personal Data

  • Identity and contact information
  • Professional and company data
  • Technical and usage data
  • Location and device data
  • Communication and chat data
  • Financial and payment data
  • Biometric data (with explicit consent)
  • Documents and files

3.3 Data Subjects

  • Your employees and users
  • Your customers and clients
  • Third parties interacting with your business

4. Our Responsibilities

4.1 What We Do

  • Process data only according to your instructions
  • Implement appropriate security measures
  • Use authorized sub-processors only
  • Assist with data subject requests
  • Notify you of data breaches promptly
  • Delete data when services end
  • Provide compliance information

4.2 What We Don't Do

  • Process data for our own purposes (except as required by law)
  • Share data with unauthorized parties
  • Combine data for non-service purposes
  • Use data for marketing without consent

5. Your Responsibilities

You must:

  • Have a lawful basis for processing
  • Obtain necessary consents from data subjects
  • Provide clear privacy notices
  • Ensure data accuracy
  • Respond to data subject requests
  • Notify us of changes to processing purposes
  • Conduct impact assessments where required

6. Sub-processors

6.1 Authorized Sub-processors

We use these categories of sub-processors:

  • Cloud Infrastructure: Microsoft Azure, MongoDB Atlas
  • Communication: WhatsApp Business API, Firebase
  • Payments: Stripe, PayPal, RazorPay
  • AI Services: Azure OpenAI, Google Vision API
  • Analytics: Google Analytics, Firebase Analytics
  • Support: Email and customer support services

6.2 Sub-processor Changes

  • We'll notify you of changes to sub-processors
  • You can object within 30 days
  • We'll work together to find alternatives if you object

7. Data Security

We implement:

  • Encryption: AES-256 for stored data, TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication, role-based access
  • Network Security: Firewalls, intrusion detection
  • Employee Training: Regular security awareness training
  • Physical Security: Secure data centers with access controls

8. International Data Transfers

When data is transferred outside the EEA, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions for approved countries
  • Additional safeguards for enhanced protection

Data may be processed in:

  • Microsoft Azure global data centers
  • Google's global infrastructure
  • Payment provider regional centers
  • Sub-processor locations as specified

9. Data Subject Rights

9.1 How We Help

We assist you with data subject requests for:

  • Access to personal data
  • Correction of inaccurate data
  • Deletion of personal data
  • Data portability
  • Restriction of processing
  • Objection to processing

9.2 Process

  • Data subjects contact you directly
  • We'll forward any requests we receive to you
  • We provide technical assistance to fulfill valid requests
  • Platform features enable data export and deletion

10. Data Breaches

If a breach occurs, we will:

  • Notify you within 72 hours where feasible
  • Provide detailed breach information
  • Describe likely consequences and mitigation measures
  • Assist with regulatory notifications if required

11. Data Retention and Deletion

11.1 Retention

  • Data is retained while you use OPS360
  • Legal requirements may extend retention periods
  • Backup systems have automatic deletion schedules

11.2 Deletion

When services end, we will:

  • Delete data from active systems within 30 days
  • Remove data from backups within 90 days
  • Provide confirmation of deletion
  • Maintain deletion logs for audit purposes

12. Audits and Compliance

You have the right to:

  • Request information about our processing activities
  • Conduct audits of our data processing practices
  • Review our security measures
  • Inspect processing records

We provide:

  • Annual compliance reports
  • Security attestations
  • Incident reports
  • Sub-processor documentation

13. Liability

13.1 Our Liability

We're liable for:

  • Our breaches of this DPA
  • Unauthorized processing by sub-processors
  • Violations due to our actions

13.2 Your Liability

You're liable for:

  • Your breaches of this DPA
  • Unlawful processing instructions
  • Inadequate consent or legal basis

Total liability is subject to limits in our Terms of Service.

14. Changes and Termination

14.1 Updates

  • We may update this DPA for legal or regulatory changes
  • Material changes require 30 days' notice
  • Continued use means acceptance of updates

14.2 Termination

This DPA ends when:

  • You stop using OPS360
  • Terms of Service are terminated
  • All personal data is deleted or returned

15. Governing Law

This DPA is governed by:

  • Laws of England and Wales
  • Applicable EU data protection laws
  • Relevant local data protection regulations

16. Contact Information

Data Protection Contacts:

Delisys Technologies Ltd
Address: Suite 5, 22-26 Nottingham Rd, Stapleford, Nottingham NG9 8AA, United Kingdom
Email: info@vops360.com
Website: OPS360-Home Page

This DPA applies to business customers using OPS360 where personal data is processed.

© 2025 Delisys Technologies Ltd. All rights reserved.

Document Version: 1.0 | Effective Date: 12 July 2025 | Next Review Date: 12 July 2026

OPS360 Logo

Streamline your business operations with OPS360 - the comprehensive platform trusted by thousands of companies worldwide. Start your free trial today!

Download Our Mobile Apps
Download on the App StoreDownload on the App StoreGet it on Google PlayGet it on Google Play
Useful Links
About UsContact UsPrivacy PolicyTerms of ServiceData Processing AgreementData Retention PolicyCookie Policy
Resources
ServicesPricingFree TrialHelp
Stay Connected

Subscribe for product updates and business tips

Contact

Phone (UK): +44 1183466433

Phone (India): +91 997734048

info@ops360.com

© 2025 Delisys Technologies Ltd. All rights reserved.

Powered by Delisys Technologies | Partners Vedha IT Solutions