Data Processing Addendum (DPA)

for Syncify Integration App

Parties:

  • Data Controller: The legal entity installing and using the Syncify Integration App (”Customer”)
  • Data Processor: Syncify AB, org. no. 556987-2905, Processvägen 3, 435 33 Mölnlycke, Sweden (”Syncify”) 

1. Background and Scope

This Data Processing Addendum (”DPA”) supplements the Terms and Conditions for the use of the Syncify Integration App (the ”App”) and applies when Customer installs and uses the App to process personal data within the meaning of the EU General Data Protection Regulation (Regulation 2016/679, ”GDPR”).

By installing the App, Customer acknowledges and agrees to this DPA.

2. Purpose and Processing

Syncify processes personal data solely for the purpose of providing the App’s data integration and synchronization services between SuperOffice and third-party systems (e.g., ERP).

Processing includes:

  • Import, transfer, mapping and synchronization of CRM and business data
  • Temporary storage and transformation of data
  • Technical support and troubleshooting 

Syncify shall only process personal data on documented instructions from Customer, unless required by law.

3. Types of Data and Categories of Data Subjects

  • Types of data: Contact information (e.g. names, emails, phone numbers), invoice data, order data, system metadata
  • Data subjects: Customer’s employees, clients, suppliers or other individuals referenced in business data 

4. Security Measures

Syncify shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Access control
  • Encryption and secure transmission
  • Regular backups and integrity checks
  • Monitoring and alerting 

Details available upon request or in Syncify’s Security Policy.

5. Sub-processors

Syncify may engage third-party sub-processors for hosting, infrastructure or related services. Syncify remains liable for the acts of its sub-processors.

A list of current sub-processors is available at: available upon request

Customer will be notified in advance of any material change of sub-processors.

 

6. Data Transfers

Where Customer Data is transferred outside the EU/EEA, Syncify shall ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Assistance and Audit Rights

Syncify will assist Customer in fulfilling its GDPR obligations, including:

  • Responding to data subject rights requests
  • Assisting with breach notifications
  • Providing documentation to demonstrate compliance 

Customer may request a summary audit report or perform an audit subject to reasonable notice and confidentiality.

8. Data Breach Notification

Syncify will notify Customer without undue delay after becoming aware of a personal data breach. The notification will include:

  • Nature of the breach
  • Likely consequences
  • Measures taken or proposed 

9. Data Retention and Deletion

Upon termination of the service, Customer may export all personal data. Syncify will delete or anonymize remaining data within 90 days, unless legal obligations require longer retention.

10. Governing Law and Jurisdiction

This DPA is governed by the laws of Sweden. Disputes shall be resolved in accordance with the governing law and dispute resolution clause in the Terms and Conditions.

11. Acceptance

By installing and using the App, the Customer confirms that:

  • It acts as a data controller under GDPR
  • It accepts the terms of this DPA
  • It has the authority to enter into this agreement