Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the agreement between Ovaloop ("Processor") and the Customer ("Controller").

Privacy Policy
Terms of Service
Acceptable Use Policy
Subscription Agreement
Data Processing Agreement (DPA)
Purpose
Definitions
Scope of Processing
Customer Responsibilities
Ovaloop Responsibilities
Subprocessors
Security Measures
Breach Notification
Data Retention
International Transfers
Audits
Governing Law
Service Level Agreement (SLA)
Information Security Policy
Cookie Policy
Data Retention & Deletion
Trust Center
Partner Agreement
Partner SLA

1. Purpose

This DPA governs the processing of personal data by Ovaloop on behalf of the Customer in connection with Ovaloop services.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation performed on Personal Data including collection, storage, use, disclosure, transmission, or deletion.

3. Scope of Processing

Ovaloop may process:

Customer records

Employee records

Supplier records

Contact information

Transaction records

Business operational data

solely to provide contracted services.

4. Customer Responsibilities

Customer warrants that:

It has lawful grounds to collect and process data.

It has obtained necessary consents.

It complies with applicable data protection laws.

5. Ovaloop Responsibilities

Ovaloop shall:

Process data only on documented instructions.

Maintain confidentiality.

Implement appropriate security measures.

Notify Customer of material data breaches.

Assist with lawful data subject requests.

6. Subprocessors

Customer authorizes Ovaloop to engage third-party subprocessors including:

Cloud hosting providers

Payment providers

Analytics providers

Email delivery providers

Customer support providers

Ovaloop remains responsible for subprocessor compliance.

7. Security Measures

Ovaloop shall maintain administrative, technical, and organizational safeguards appropriate to the risk presented by the processing activities.

8. Breach Notification

Ovaloop shall notify Customer without undue delay after becoming aware of a confirmed personal data breach affecting Customer data.

9. Data Retention

Upon termination, Customer may request export of available data.

Ovaloop may retain data where required by law or for legitimate security, backup, audit, or compliance purposes.

10. International Transfers

Customer acknowledges that data may be processed in jurisdictions where Ovaloop or its providers operate.

11. Audits

Upon reasonable written request, Ovaloop may provide information demonstrating compliance with this DPA.

12. Governing Law

This DPA shall be governed by the laws of the Federal Republic of Nigeria.