Data Processing Agreement

Last updated: January 1, 2025

This DPA governs 2iZii's processing of personal data on your behalf in accordance with GDPR.

Definitions

  • Controller: You (the customer using OnePOS)
  • Processor: 2iZii AS
  • Personal Data: Any data processed through OnePOS that identifies individuals

Scope and Purpose

2iZii processes personal data solely to provide OnePOS services as instructed by you. We do not use your data for our own purposes (except anonymized analytics).

Data Processing Principles

We process data in accordance with:

  • GDPR (EU Regulation 2016/679)
  • Applicable US privacy laws
  • Applicable industry regulations

Sub-Processors

We engage the following sub-processors:

  • Google Cloud Platform: Infrastructure hosting (EU region)
  • Stripe/Adyen: Payment processing (where applicable)
  • Twilio/SendGrid: Communications (email, SMS)

We notify you 30 days before adding new sub-processors.

Data Location

Personal data is stored in:

  • Primary: EU-WEST1 (Belgium)
  • Backup: EU-NORTH1 (Finland)

Data does not leave EU/EEA without explicit consent.

Security Measures

We implement:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Multi-factor authentication
  • Role-based access control
  • Regular security audits and penetration testing
  • Hosted on SOC 2 Type II–certified infrastructure (Google Cloud Platform)

Data Subject Rights

We assist you in fulfilling data subject requests (access, correction, deletion, portability) within 10 business days.

Data Breach Notification

We notify you within 24 hours of becoming aware of a data breach affecting your data.

Data Return and Deletion

Upon termination:

  • You have 30 days to export your data
  • We delete all data within 60 days (except as required by law)
  • Backups are purged within 90 days

Audits

Premium customers may request an audit of our data processing practices once per year with 30 days' notice.

Liability

Each party is liable for damages caused by breaches of this DPA in accordance with GDPR Article 82.

Duration

This DPA remains in effect for the duration of your OnePOS subscription.

Contact

For DPA questions or data subject requests, contact: post@2izii.com
