Zoidii ← Legal Center
Legal

Data Processing Agreement

Last updated: 31 May 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Zoidii (“Processor”) and the customer (“Controller”) and governs the processing of personal data carried out by Zoidii on the Controller's behalf when using the Service.

Template DPA. For a signed, countersigned version (often required by enterprise procurement), contact legal@zoidii.info. Have counsel finalize the Annexes.

1. Subject matter & roles

Zoidii processes personal data only to provide the Service and on the documented instructions of the Controller. The Controller determines the purposes and means of processing; Zoidii acts solely as Processor.

2. Nature & purpose of processing

Hosting and managing maintenance data including work orders, assets, inventory, and the personal data of the Controller's authorized users and technicians, for the duration of the subscription.

3. Sub-processors

The Controller authorizes Zoidii to engage vetted sub-processors (e.g. cloud hosting, analytics, payment and email providers) under written terms imposing equivalent data-protection obligations. We maintain a current list of sub-processors and will give notice of intended changes so the Controller may object.

4. Security measures

Zoidii implements appropriate technical and organizational measures as described in our Security page, including encryption in transit and at rest, access controls and regular testing.

5. Data subject requests & assistance

Zoidii will assist the Controller, taking into account the nature of processing, in responding to data subject requests and in meeting obligations regarding security, breach notification and data protection impact assessments.

6. Personal data breaches

Zoidii will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, and will provide information reasonably required for the Controller's own notification obligations.

7. International transfers

Any transfer of personal data outside the EEA is made under appropriate safeguards, including the Standard Contractual Clauses where required.

8. Return & deletion

On termination, Zoidii will, at the Controller's choice, return or delete personal data, save where retention is required by law. Data can be exported by the Controller before deletion.

9. Audits

Zoidii will make available information necessary to demonstrate compliance and allow for audits, subject to reasonable confidentiality and frequency limits.

10. Annexes

Annex 1 (details of processing), Annex 2 (technical & organizational measures) and Annex 3 (approved sub-processors) are available on request from legal@zoidii.info.