Data Processing Addendum
Last updated: __DATE__
Placeholder. EU customers usually require a countersigned DPA. Use Iubenda's template, hire a SaaS lawyer, or adopt the EU SCC text directly. Replace this scaffold before it ships to a real customer.
1. Roles
For data you upload to the Service, you are the "Controller" and Inventroy is the "Processor" (as defined in GDPR Article 4).
2. Scope of processing
We process personal data only on documented instructions from you (the Controller) and as needed to provide the Service.
3. Categories of data subjects
- Your employees and contractors using the Service
- Your customers, suppliers, and contacts whose data you upload
4. Categories of personal data
- Identification data (name, email)
- Contact details
- Transactional data (orders, invoices)
- Any other data you choose to upload
5. Sub-processors
See our Privacy Policy for the current list. We will notify you of changes to sub-processors and you may object within 30 days.
6. International transfers
Where personal data is transferred outside the EEA/UK, transfers are governed by the EU Standard Contractual Clauses (Module 2: Controller to Processor).
7. Security measures
We maintain the following security measures: encryption in transit (TLS 1.2+), encryption at rest for credentials, role-based access control, audit logging, regular backups, vulnerability scanning, and incident response procedures.
8. Data subject requests
If we receive a data subject request directly, we will redirect the data subject to you. We will assist you in fulfilling such requests within reasonable bounds.
9. Personal data breach notification
We will notify you without undue delay (and within 72 hours where feasible) after becoming aware of a personal data breach affecting your data.
10. Audits
Subject to NDA and reasonable scheduling, we will provide information necessary to demonstrate compliance.
11. Return or deletion of data
On termination, we will delete all personal data within 30 days unless retention is required by law.
12. Liability
Each party's liability under this DPA is governed by the limits in the main Terms of Service.
13. Contact
DPA requests: dpa@inventroy.com