Overview

When Zephyra (QTool SRL) processes personal data contained in Customer Data on behalf of a Customer, Zephyra acts as a processor and the Customer acts as the controller under the GDPR (Regulation (EU) 2016/679), UK GDPR, and Swiss data protection law.

The terms governing that processor relationship — our Data Processing Agreement (DPA) — are incorporated into the Master Terms of Service and any signed Order Form.

Requesting the DPA

The current Zephyra DPA template is available on request.

To receive a copy:

• Existing customers: contact your account owner or email info@qtoolsrl.it from an email address associated with your workspace.
• Prospective customers: contact us with “DPA request” in the message and we’ll send the current template within one business day.

What the DPA covers

Our standard DPA addresses:

• Purpose, nature, scope, duration, and categories of processing
• Types of personal data and categories of data subjects
• Controller instructions and documented processing
• Sub-processor engagement and notification
• International data transfers (EU SCCs, UK IDTA, Swiss addendum as applicable)
• Technical and organizational measures (Annex II / security)
• Personal-data-breach notification obligations
• Data-subject rights assistance
• Return or deletion of personal data on termination
• Audits and compliance records

Subprocessors

Our current list of subprocessors is maintained at /legal/subprocessors and kept up to date per our DPA notification commitments.

Standalone DPA template (planned)

A self-service downloadable DPA template at this URL is planned for v1.1. Until then, please use the request flow above.