Accueil

Data Processing Agreement (DPA)

Processing agreement under Art. 28 GDPR, applicable when the Customer processes third-party personal data via Orizen. This English version is a courtesy translation; the French version prevails.

Dernière mise à jour : 22 May 2026

This DPA forms part of the Terms between the Customer (« Controller ») and Rémy Magne (sole trader) (« Processor », the « Publisher »).

1. Roles of the parties

The Customer is the controller; the Publisher is the processor (Art. 4 and 28 GDPR).

2. Subject, duration, nature, purpose

  • Subject: data processing to deliver Orizen.
  • Duration: subscription term + reversibility.
  • Nature/purpose: hosting, storage, organisation, access, AI analysis.

3. Data and data subjects

Determined by the Customer (identification, contact, business and commercial data, content). Data subjects: the Customer's clients, prospects, employees, partners. No special-category data (Art. 9) without a legal basis and prior notice.

4. Publisher's obligations

  • Process only on the Customer's documented instructions.
  • Confidentiality; access limited to authorised personnel.
  • Security measures (Art. 32): encryption, isolation, access control, logging.
  • Assistance with data-subject requests (Art. 12–22) and obligations (Art. 32–36).
  • Breach notification without undue delay.
  • Deletion or return of data at the end of the engagement.
  • Provision of information and reasonable audit rights.

5. Subprocessors

Authorised: Clerk, Stripe, Supabase, Vercel, Resend, Groq, Mistral, Google (Gemini). Prior notice of changes.

6. Transfers outside the EU

Appropriate safeguards (Standard Contractual Clauses and/or Data Privacy Framework).

7. Liability

Each party is liable under Art. 82. The Terms' limitations apply within the limits of the law.

8. Acceptance

Acceptance of the Terms constitutes acceptance of this DPA. Signed copy on request: contact@orizen.cloud.