Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") forms part of the agreement between the customer ("Controller") and SKVID d.o.o., Jalševečka cesta 40, 10040 Zagreb, Croatia ("SKVID" or "Processor"), governing the processing of personal data in connection with the use of the Velim platform.
This Agreement is concluded in accordance with Article 28 of Regulation (EU) 2016/679 (GDPR).
1. Subject matter and duration
This Agreement governs the processing of personal data by SKVID on behalf of the Controller in the course of providing the Velim services.
The processing shall take place for the duration of the Controller’s use of the Velim platform, unless otherwise agreed in writing.
2. Nature and purpose of processing
The nature of the processing includes the collection, storage, organization, transmission, and deletion of personal data.
The purpose of the processing is to provide, operate, secure, and support the Velim platform and related services in accordance with the Controller’s instructions.
3. Categories of data subjects and personal data
3.1 Data subjects
3.2 Categories of personal data
SKVID does not use communications content for its own purposes.
4. Obligations of the Controller
The Controller shall:
5. Obligations of the Processor
SKVID shall:
6. Security measures
SKVID implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including:
Detailed descriptions of security measures may be made available upon reasonable request.
7. Sub-processors
The Controller authorizes SKVID to engage sub-processors for the provision of the services.
SKVID shall ensure that sub-processors are subject to data protection obligations no less protective than those set out in this Agreement.
A current list of sub-processors may be made available upon request or via the Velim platform.
8. International data transfers
Personal data are primarily processed within the European Economic Area (EEA).
Where personal data are transferred outside the EEA, SKVID shall ensure appropriate safeguards in accordance with the GDPR.
9. Audits and information
SKVID shall make available information reasonably necessary to demonstrate compliance with this Agreement.
Audits or inspections shall be limited to documentation reviews or remote assessments, unless otherwise required by applicable law or expressly agreed in writing.
10. Liability
Each party shall be liable for damages caused by processing that infringes the GDPR in accordance with the allocation of responsibility under the Regulation.
11. Governing law
This Agreement shall be governed by and construed in accordance with the laws of the Republic of Croatia.
12. Final provisions
This Agreement applies automatically upon the Controller’s use of the Velim platform.
In the event of conflict between this Agreement and other agreements between the parties, this Agreement shall prevail with respect to data protection matters.
Processor:
SKVID d.o.o.
Jalševečka cesta 40
10040 Zagreb, Croatia
Controller:
The customer using the Velim platform