top of page

Data Processing Agreement (DPA)

Introduction

This DPA forms part of our commitment to GDPR compliance for customers processing personal data via Zigaflow.

Roles & Responsibilities

  • Zigaflow as Data Processor: We process personal data on behalf of our users.

  • Users as Data Controllers: You determine the purposes and means of data processing.

Data Processing Scope

  • Types of data: Customer names, emails, business details.

  • Purpose: Business management and operational efficiency.

  • Duration: As long as required by the user or applicable laws.

Instructions from Controller

Zigaflow will only process personal data under the documented instructions of the Data Controller.

Security Measures

  • Encryption of data in transit and at rest.

  • Access controls to restrict unauthorized data access.

  • Regular security testing and vulnerability assessments.

Subprocessors

We use third-party service providers for hosting, analytics, and payment processing. A list is available upon request.

Data Subject Rights

We assist users in fulfilling data subject requests under GDPR.

Data Transfers

If data is transferred outside the UK/EU, we ensure compliance with appropriate safeguards.

Breach Notification

We will notify users promptly in the event of a data breach.

Data Return/Deletion upon Termination

Upon termination of a contract, users may request the return or deletion of their personal data.

bottom of page