AAopyLegal & Compliance

Aopy Platform

Data Processing Agreement

Last updated: 3 June 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Easy Life Tech SRL ("Processor") and the customer ("Controller"). It sets out the terms on which Aopy processes personal data on behalf of the Controller in connection with the Aopy platform.

2. Definitions

Terms used in this DPA have the meanings given to them in the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romania's national implementing legislation.

3. Processing Details

  • Subject matter: Email and SMS marketing services provided via the Aopy platform.
  • Duration: For the duration of the Terms of Service and as required by law thereafter.
  • Nature and purpose: Sending marketing communications, storing contact data, providing analytics.
  • Categories of data subjects: The Controller's contacts and subscribers.
  • Types of personal data: Name, email address, phone number, behavioural data, purchase history.

4. Processor Obligations

Aopy shall: (a) process personal data only on documented instructions from the Controller; (b) ensure persons authorised to process data are bound by confidentiality; (c) implement appropriate technical and organisational security measures; (d) assist the Controller with DSAR responses, breach notifications, and impact assessments; (e) delete or return all personal data at the end of the contract.

5. Sub-Processors

The Controller grants general authorisation to use sub-processors. Aopy currently uses the sub-processors listed in the Privacy Policy. Aopy will notify the Controller of material changes to sub-processors. The Controller may object within 14 days.

6. Security

Aopy implements appropriate technical and organisational measures including encryption at rest and in transit, access controls, and regular security reviews, taking into account the risks to data subjects.

7. Data Breach Notification

In the event of a personal data breach, Aopy will notify the Controller without undue delay after becoming aware of it, and in any case within 72 hours, providing sufficient information to enable the Controller to comply with its own breach notification obligations.

8. Contact and DPO

For DPA-related enquiries, contact us at privacy@aopy.com. See also DPA Contact Details.