Full logo
Start Free Trial

Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement (“DPA”) applies when you use OPS360 for business purposes where personal data is processed. This DPA is between you (the Data Controller) and Delisys Technologies Ltd and its Partners (the Data Processor).

This DPA supplements our Privacy Policy and Terms of Service.

2. Key Definitions

  • Data Controller: Your organization that determines how personal data is processed
  • Data Processor: Delisys Technologies Ltd and its Partners, processing data on your behalf
  • Personal Data: Information about identifiable individuals
  • Data Subjects: The individuals whose data is being processed (employees, customers, contractors, etc.)

3. What We Process

3.1 Processing Activities

OPS360 Services include (but are not limited to):

  • Platform Services (projects, tasks, team collaboration, and other management tools)
  • Mobile Applications (iOS/Android, with offline capabilities)
  • AI Services (assistants, document summarization, analytics, and similar features)
  • E-Signature Services (digital signing, compliance tracking)
  • File Management (cloud storage, sharing, and version control)
  • Communication (chat, WhatsApp integration, notifications)
  • Payments & Billing (invoicing, transactions, subscription management)
  • Audits & Compliance Tools (location-based audits, incident management, reporting)

OPS360 may add new services, modules, or integrations. All such services are subject to this Policy and Agreement.

3.2 Types of Personal Data

  • Identity and contact information
  • Employment/professional data
  • Technical and usage data
  • Location and device data
  • Communication and chat data
  • Financial and payment data
  • Biometric data (with explicit consent)
  • Uploaded documents and files

3.3 Data Subjects

  • Your employees and users
  • Your customers and clients
  • Third parties interacting with your business

4. Our Responsibilities

We will:

  • Process data only on your documented instructions
  • Implement appropriate security measures
  • Use only authorized sub-processors
  • Assist with data subject rights requests
  • Notify you of data breaches promptly
  • Delete or return data when services end
  • Provide compliance information

We will not:

  • Process data for our own purposes (except where legally required)
  • Share data with unauthorized third parties
  • Combine your data with others for non-service purposes
  • Use data for marketing without consent

5. Your Responsibilities

You must:

  • Have a lawful basis for processing
  • Obtain necessary consents from data subjects
  • Provide clear privacy notices to data subjects
  • Ensure data accuracy and validity
  • Respond to data subject requests
  • Notify us of changes to processing purposes
  • Conduct Data Protection Impact Assessments (DPIAs) when required

6. Sub-processors

6.1 Authorized Sub-processors

OPS360 uses these categories of sub-processors:

  • Cloud Infrastructure: Microsoft Azure, MongoDB Atlas
  • Communication: WhatsApp Business API, Firebase
  • Payments: Stripe, PayPal, Razorpay
  • AI Services: Azure OpenAI, Google APIs
  • Analytics: Google Analytics, Firebase Analytics
  • Support: Email, ticketing, and customer service tools

6.2 Sub-processor Changes

  • We will notify you of material changes to sub-processors.
  • You may object within 30 days.
  • If unresolved, we will work to find a suitable alternative.

7. Data Security

We implement:

  • Encryption: AES-256 (at rest), TLS 1.3 (in transit)
  • Access Controls: MFA, role-based access
  • Network Security: Firewalls, monitoring, intrusion detection
  • Employee Training: Security awareness and role-based controls
  • Physical Security: Data centers with restricted access

8. Data Residency & Transfers

Customer data remains in the customer’s region: UK, EU, USA, or India.

Transfers outside these regions only occur when necessary for lawful processing (e.g., payment providers).

Where applicable, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Additional safeguards (encryption, minimization)

9. Data Subject Rights

9.1 How We Help

We assist you in fulfilling valid requests for:

  • Access, correction, or deletion
  • Data portability
  • Restriction or objection to processing

9.2 Process

  • Data subjects contact you (the Controller) directly.
  • If OPS360 receives a request, we will forward it to you.
  • Business account admins manage user data requests inside OPS360.
  • OPS360 supports tenant-level data deletion/export upon account closure.

10. Data Breaches

If a breach occurs, we will:

  • Notify you without undue delay (within 72 hours where required)
  • Provide details of the breach and impact
  • Suggest mitigation steps
  • Assist with regulator and subject notifications if required

11. Data Retention & Deletion

Data is retained while your OPS360 account is active.

When services end:

  • Deleted from active systems within 30 days
  • Removed from backups within 90 days
  • Confirmation of deletion provided
  • Logs of deletion maintained for audit purposes

12. Audits & Compliance

You may:

  • Request information on our processing practices
  • Review our security measures
  • Conduct audits with reasonable notice
  • Inspect sub-processor documentation

We provide:

  • Annual compliance reports
  • Security attestations
  • Incident reports

13. Liability

Processor Liability: We are liable for breaches caused by us or unauthorized sub-processors.

Controller Liability: You are liable for breaches caused by your unlawful instructions, inadequate consent, or lack of legal basis.

Liability is subject to the limits defined in the Terms of Service.

14. Changes & Termination

We may update this DPA for legal/regulatory changes, with 30 days’ notice.

This DPA terminates if you stop using OPS360 and all data is deleted/returned.

15. Governing Law

This DPA is governed by:

  • Laws of England and Wales
  • Applicable EU data protection laws
  • India’s DPDPA and US CCPA/CPRA, where applicable

16. Contact Information

Data Protection Contacts

Data Protection Officer: dpo@vops360.com
Legal Team: legal@vops360.com

Delisys Technologies Ltd and its Partners

Registered Address: Suite 5, 22–26 Nottingham Rd, Nottingham NG9 8AA, United Kingdom
Company Number: 13497342
Email: info@vops360.com
Website: https://vops360.com

This DPA applies to business customers using OPS360 where personal data is processed.

© 2025 Delisys Technologies Ltd and its Partners. All rights reserved.

OPS360 Logo

Streamline your business operations with OPS360 - The comprehensive platform suitable for all your business needs.

Download Our Mobile Apps
Download on the App Store

App Store

Get it on Google Play

Google Play

Useful Links
Privacy PolicyTerms of ServiceData Processing AgreementData Retention PolicyCookie Policy
Resources
About UsContact UsModulesPricingFree TrialHelp
Stay Connected

Subscribe for product updates and business tips

Contact

Phone (UK): +44 1183466433

Phone (India): +91 97012 95915

info@vops360.com

© 2025 Delisys Technologies Ltd. All rights reserved.

Powered by Delisys Technologies | Partners Vedha IT Solutions