Qerbia logoQerbia

DATA PROCESSING AGREEMENT

Terms of ServicePrivacy PolicyData Processing Agreement

If Apexloop is deemed a data processor under the GDPR in relation to the personal data you control, the following terms apply:

  1. Data Processing Scope: Apexloop processes personal data stored through its use or accessible due to development, maintenance, or operation. This typically includes data about employees, customers, or suppliers (such as names, contact details, photos, etc.) and any other data uploaded by users into Apexloop.
  2. Purpose and Duration: The data is processed solely for the purpose of providing the Apexloop service, or as otherwise agreed individually, and only for the duration of its use. Apexloop handles the data exclusively based on your instructions or legal obligations.
  3. Security Measures: Apexloop has implemented technical, organizational, and security measures to prevent unauthorized access to, alteration of, loss of, or misuse of data.
  4. Authorized Personnel: Apexloop’s employees and authorized personnel process data only in accordance with your instructions and in compliance with applicable legal regulations.
  5. Data Subject Rights: Upon your request, Apexloop will correct, update, delete, or transfer the data (to the extent such functionality is supported).
  6. GDPR Compliance: In fulfilling its obligations under the GDPR, Apexloop exercises professional care and diligence.
  7. Sub-processors: Apexloop may engage additional processors (particularly IT service providers) who meet EU standards, without requiring your explicit consent.
  8. Third-Party Integrations: If a third-party service is integrated into Apexloop, you agree to the processing of data by the third party under their respective terms.
  9. Data Retention: Upon termination of the Apexloop service, active processing of data will cease. Backups may be retained for up to one year and will then be deleted unless otherwise required by law.
  10. Confidentiality: Apexloop maintains confidentiality over the data and ensures the same from its employees. This obligation remains in effect even after the end of the cooperation.
  11. Audits: You may request a reasonable audit of Apexloop’s compliance with its data processing obligations. A minimum of 30 days' notice must be given, the audit must not disrupt operations, and all associated costs are to be borne by you.
  12. Confidentiality of Security Measures: Confidentiality also applies to security measures and remains binding after the end of the collaboration.