← Back to Legal Centre
DATA PROCESSING AGREEMENT

Data Processing Agreement

Effective Date: December 2024 | Last Updated: December 2024

1. Introduction

This Data Processing Agreement ("DPA") sets out the terms under which Levqor Ltd ("Processor," "we," "us") processes personal data on behalf of customers ("Controller," "you") who use our platform and services.

This DPA applies where you act as a data controller and Levqor processes personal data on your behalf as a data processor, in accordance with the General Data Protection Regulation (GDPR) and UK GDPR.

2. Roles and Responsibilities

You (Controller): You determine the purposes and means of processing personal data that you upload or manage through Levqor. You are responsible for ensuring you have a lawful basis to process this data.

Levqor (Processor): We process personal data solely on your behalf and in accordance with your instructions. We do not use your data for our own purposes beyond what's necessary to provide the service.

3. Types of Data Processed

The personal data processed depends on how you use Levqor. Common categories include:

  • Contact information: Names, email addresses, phone numbers of your contacts or customers
  • Business data: Workflow configurations, automation settings, logs
  • Technical data: IP addresses, device identifiers, usage patterns
  • Any data you choose to upload: Data you input into workflows or store on the platform

4. Processing Purposes

We process personal data only as necessary to:

  • Provide the Levqor platform and services
  • Execute workflows and automations you configure
  • Maintain platform security and prevent abuse
  • Provide customer support
  • Comply with legal obligations

5. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Access controls limiting who can access data
  • Logging and monitoring of system activity
  • Regular security assessments

For more details, see our Security Overview.

6. Sub-Processors

We engage trusted third-party sub-processors to assist in providing our services. These include:

  • Stripe: Payment processing
  • Infrastructure providers: Hosting and database services
  • Email service providers: Transactional email delivery
  • Analytics providers: Platform usage analytics

Sub-processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

7. Data Subject Rights

We will assist you in responding to data subject requests (access, rectification, erasure, portability, etc.) where technically feasible. Please contact us through our Contact page if you need assistance.

8. Data Breach Notification

In the event of a personal data breach affecting your data, we will:

  • Notify you without undue delay upon becoming aware of the breach
  • Provide information about the nature of the breach and affected data
  • Describe the measures taken or proposed to address the breach

9. Data Deletion

Upon termination of your account or upon your request, we will delete or return your personal data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (such as billing records).

10. International Transfers

Where personal data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO.

11. Contact

For questions about this DPA or to request a signed copy for your records, please contact us through our Contact page.

See also: Privacy Policy | Security Overview