+351 965 900 131
Client Login
Free Business Audit

Data Processing Agreement (DPA)

Effective Date: 2 February 2025

Between:

  1. DIGIPIV DIGITAL SOLUTIONS UNIPESSOAL LDA, NIF 516839977, (the “Processor”)
  2. The Client identified in the Master Service Agreement or Proposal (the “Controller”)

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person processed by DIGIPIV on behalf of the Client.
  • “Data Protection Laws” means the GDPR (Regulation (EU) 2016/679), the Portuguese Law 58/2019, and any other applicable data protection legislation.
  • “Services” means the digital solutions provided by DIGIPIV, including DIGIPIV CRM (white-labeled HighLevel), WordPress management, social media management, and video/meeting services (Loom).

2. Scope and Role

2.1. The Client acts as the Data Controller (deciding why and how data is collected) and DIGIPIV acts as the Data Processor (acting on the Client’s instructions).

2.2. This DPA applies to all processing of Personal Data carried out by DIGIPIV in the course of providing its Strategy, Setup, and Support services.

3. Obligations of the Processor (DIGIPIV)

DIGIPIV agrees to:

3.1. Instructions: Process Personal Data only on documented instructions from the Client, including transfers of data to third countries, unless required by EU or Portuguese law.

3.2. Confidentiality: Ensure that all staff authorised to process the data have committed themselves to confidentiality.

3.3. Security: Implement technical and organisational measures to ensure a level of security appropriate to the risk, including encryption and secure access via 1Password.

3.4. Assistance: Assist the Client in responding to Data Subjects’ requests (e.g., right to access or erasure) and in ensuring compliance with security and breach notification obligations.

4. Sub-processors

4.1. The Client provides a general written authorisation for DIGIPIV to engage sub-processors to deliver the Services.

4.2. Authorised Sub-processors: The Client specifically acknowledges and approves the use of:

  • HighLevel Inc. (Infrastructure for DIGIPIV CRM)
  • Atlassian/Loom (Video messaging and meeting transcriptions)
  • SiteGround (Web hosting)
  • Google/Meta/LinkedIn (Social media and analytics management)4.3. DIGIPIV shall ensure that any sub-processor is bound by data protection obligations at least as stringent as those in this DPA.

5. International Data Transfers

5.1. Where Personal Data is transferred outside the EEA (e.g., to the USA for GHL, Loom, or Read AI), DIGIPIV ensures that such transfers are governed by Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework.

6. Specific Service Disclosures

6.1. DIGIPIV CRM: The Client is responsible for ensuring they have a lawful basis (e.g., consent) for all leads imported into or captured via the CRM.

6.2. WordPress Management: DIGIPIV may access Personal Data (e.g., form submissions, user profiles) for maintenance purposes.

6.3. Social Media & Ads: DIGIPIV manages accounts on the Client’s behalf. The Client remains the owner of these accounts and is responsible for the privacy settings and pixel/tracking consent on their own platforms.

6.4. Meeting Recordings (Loom/Read AI): By engaging in meetings with DIGIPIV, the Client consents to the recording and transcription of sessions for project accuracy and training purposes.

7. Data Breach Notification

7.1. DIGIPIV shall notify the Client without undue delay (and in any event within 48 hours) after becoming aware of a personal data breach affecting the Client’s data.

8. Term and Termination

8.1. Upon termination of the Services, DIGIPIV shall, at the choice of the Client, delete or return all Personal Data, unless Portuguese or EU law requires storage of the data (e.g., for tax purposes).

Appendix: Details of Processing

Subject MatterDuration of ProcessingNature/PurposeData CategoriesData Subjects
CRM ServicesTerm of ContractLead management, Marketing automation via DIGIPIV CRM.Names, Emails, Phone, IP, CRM activity, Custom fields.Leads, Customers of the Client.
Web Management (Plugins & Backups)Term of ContractWebsite maintenance using MainWP; form management via Forminator; manual backups via All-in-One WP Migration.Admin logins, Form submission data (Names, Emails, Messages), and Full Website Backups (containing all site data).Website visitors, Customers of the Client, Staff.
Web Hosting & MaintenanceTerm of ContractHosting via SiteGround/DIGIPIV CRM; form management and security monitoring.Admin logins, User comments, Contact form submissions.Website visitors, Staff.
Social Media & AdsTerm of ContractAd management, audience targeting, and performance reporting.Profile names, Ad performance data, Pixel/Tracking data.Social media users, Website visitors.
Consulting & TrainingTerm of ContractStrategy sessions and technical training via Zoom/Notion/Loom/Read AI.Voice, Video recordings, Meeting transcriptions.Client employees, Stakeholders.
Data StorageTerm of ContractSecure storage of project data and manual backups (All-in-One WP Migration) on Google Workspace and DIGIPIV CRM.Full database exports, project files, and communication logs.Client Staff, Customers of the Client.