Preloader web stranice
  • Ready to turn communication into sales?

Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

This Data Processing Agreement ("Agreement") forms part of the agreement between the customer ("Controller") and SKVID d.o.o., Jalševečka cesta 40, 10040 Zagreb, Croatia ("SKVID" or "Processor"), governing the processing of personal data in connection with the use of the Velim platform.

This Agreement is concluded in accordance with Article 28 of Regulation (EU) 2016/679 (GDPR).


1. Subject matter and duration
This Agreement governs the processing of personal data by SKVID on behalf of the Controller in the course of providing the Velim services.

The processing shall take place for the duration of the Controller’s use of the Velim platform, unless otherwise agreed in writing.


2. Nature and purpose of processing
The nature of the processing includes the collection, storage, organization, transmission, and deletion of personal data.

The purpose of the processing is to provide, operate, secure, and support the Velim platform and related services in accordance with the Controller’s instructions.


3. Categories of data subjects and personal data
3.1 Data subjects

  • end users of the Controller;
  • employees, contractors, or representatives of the Controller;
  • other individuals whose data are processed through the Velim platform.

3.2 Categories of personal data

  • account and contact data (e.g., name, email address, phone number, role);
  • authentication and security data (e.g., login credentials, access tokens, IP address, device identifiers);
  • service usage and technical data (e.g., timestamps, logs, interaction metadata);
  • communications data processed on behalf of the Controller (e.g., messages, attachments, call metadata, tickets).

SKVID does not use communications content for its own purposes.


4. Obligations of the Controller
The Controller shall:

  • ensure that it has a valid legal basis for processing personal data;
  • ensure transparency toward data subjects;
  • issue lawful instructions to SKVID;
  • be responsible for responding to data subject requests, unless otherwise agreed.


5. Obligations of the Processor
SKVID shall:

  • process personal data only on documented instructions from the Controller;
  • ensure that persons authorized to process personal data are bound by confidentiality;
  • implement appropriate technical and organizational measures to protect personal data;
  • assist the Controller in fulfilling obligations under the GDPR, taking into account the nature of processing;
  • notify the Controller without undue delay after becoming aware of a personal data breach;
  • delete or return personal data upon termination of the services, unless retention is required by law.


6. Security measures
SKVID implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including:

  • encryption of personal data in transit and at rest, where appropriate;
  • role-based access controls and authentication mechanisms;
  • logging, monitoring, and incident detection;
  • regular security updates and maintenance.

Detailed descriptions of security measures may be made available upon reasonable request.


7. Sub-processors
The Controller authorizes SKVID to engage sub-processors for the provision of the services.

SKVID shall ensure that sub-processors are subject to data protection obligations no less protective than those set out in this Agreement.

A current list of sub-processors may be made available upon request or via the Velim platform.


8. International data transfers
Personal data are primarily processed within the European Economic Area (EEA).

Where personal data are transferred outside the EEA, SKVID shall ensure appropriate safeguards in accordance with the GDPR.

9. Audits and information
SKVID shall make available information reasonably necessary to demonstrate compliance with this Agreement.

Audits or inspections shall be limited to documentation reviews or remote assessments, unless otherwise required by applicable law or expressly agreed in writing.

10. Liability
Each party shall be liable for damages caused by processing that infringes the GDPR in accordance with the allocation of responsibility under the Regulation.


11. Governing law
This Agreement shall be governed by and construed in accordance with the laws of the Republic of Croatia.


12. Final provisions
This Agreement applies automatically upon the Controller’s use of the Velim platform.

In the event of conflict between this Agreement and other agreements between the parties, this Agreement shall prevail with respect to data protection matters.

Processor:
SKVID d.o.o.
Jalševečka cesta 40
10040 Zagreb, Croatia

Controller:
The customer using the Velim platform

Back to Help Center

Help Center

Categories

Subscribe For Newsletter

Subscribe to our newsletter & stay updated

Contact Us

hello@velim.hr
Try for free

Follow Us

Choose your cookies

Cookies help us to enhance your experience, tailor ads to your interests, and improve our website.