Data Processing Agreement (DPA)
Last updated: 2026-06-11
Parties & roles
This DPA forms part of the agreement between the client ("Controller") and [AiFortis LTD] ("Processor") for processing personal data under GDPR (Regulation (EU) 2016/679).
Subject matter
Processing of contact and call data to run the Controller's voice campaigns through the platform.
Processor obligations
- Process personal data only on the Controller's documented instructions.
- Ensure persons authorised to process are bound by confidentiality.
- Implement appropriate technical and organisational security measures.
- Engage sub-processors only under equivalent obligations and notify the Controller of changes (see Sub-processors).
- Assist the Controller with data subject requests and with security, breach and impact-assessment obligations.
- Delete or return personal data at the end of the service, subject to legal retention.
- Make available information necessary to demonstrate compliance and allow audits.
Security
Measures include encryption of secrets, access control, tenant isolation, audit logging, and recording-consent controls. See the Security page.
International transfers
Where applicable, the EU Standard Contractual Clauses apply.
Liability & term
This DPA runs for the duration of the service. Liability follows the main agreement.
This is a template — complete the annexes (categories of data, sub-processors, security measures) and have it reviewed by counsel.