Data Processing Agreement (DPA)

Introduction

​

This DPA forms part of our commitment to GDPR compliance for customers processing personal data via Zigaflow.

​

Roles & Responsibilities

​

• Zigaflow as Data Processor: We process personal data on behalf of our users.

• Users as Data Controllers: You determine the purposes and means of data processing.

​

Data Processing Scope

​

• Types of data: Customer names, emails, business details.

• Purpose: Business management and operational efficiency.

• Duration: As long as required by the user or applicable laws.

​

Instructions from Controller

​

Zigaflow will only process personal data under the documented instructions of the Data Controller.

​

Security Measures

​

• Encryption of data in transit and at rest.

• Access controls to restrict unauthorized data access.

• Regular security testing and vulnerability assessments.

​

Subprocessors

​

We use third-party service providers for hosting, analytics, and payment processing. A list is available upon request.

​

Data Subject Rights

​

We assist users in fulfilling data subject requests under GDPR.

​

Data Transfers

​

If data is transferred outside the UK/EU, we ensure compliance with appropriate safeguards.

​

Breach Notification

​

We will notify users promptly in the event of a data breach.

​

Data Return/Deletion upon Termination

​

Upon termination of a contract, users may request the return or deletion of their personal data.