Data Processing Agreement (DPA)

Effective Date: 28.07.2025

This Data Processing Agreement ("Agreement") is entered into between Tegrilu SRL, a company incorporated in Romania with its registered office at Int. Calusei No.3, Bucharest, Romania ("Processor"), and the Customer ("Controller"), together referred to as the “Parties.”

This Agreement supplements the Terms of Service and reflects the Parties’ agreement with respect to the processing of personal data in accordance with Article 28 of the General Data Protection Regulation (EU 2016/679 – "GDPR").

1. Subject Matter and Duration

This Agreement governs the processing of personal data by the Processor on behalf of the Controller in connection with the Controller’s use of the Service. The duration corresponds to the term of the Service subscription or use.

2. Nature and Purpose of Processing

The Processor will process personal data solely for the purpose of providing the Service, including technical support, maintenance, and improvements.

3. Types of Personal Data

Depending on the Service features used, the following personal data may be processed:

  • Names and usernames
  • Email addresses
  • Jira issue metadata (e.g., assignees, reporters)
  • Activity logs and usage data

4. Categories of Data Subjects

Data subjects may include:

  • End users of the Controller’s Atlassian Jira instance
  • Employees or contractors whose data appears in Jira

5. Obligations of the Processor

The Processor shall:

  • Process personal data only on documented instructions from the Controller;
  • Ensure that persons authorized to process the data are bound by confidentiality obligations;
  • Implement appropriate technical and organizational measures to ensure data security;
  • Assist the Controller with responding to data subject requests and GDPR compliance;
  • Notify the Controller without undue delay of any personal data breach;
  • Delete or return all personal data at the end of the service provision;
  • Make available to the Controller all information necessary to demonstrate compliance with this Agreement and Article 28 of the GDPR.

6. Subprocessors

The Controller authorizes the Processor to engage subprocessors listed in our Subprocessor List, provided that:

  • Each subprocessor is subject to equivalent data protection obligations;
  • The Processor remains fully liable for the acts of its subprocessors.

The Processor shall inform the Controller of any intended changes to the list of subprocessors and give the Controller an opportunity to object.

7. International Transfers

If personal data is transferred outside the European Economic Area (EEA), the Processor shall ensure such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions.

8. Audits

Upon written request and with reasonable notice, the Controller may audit the Processor’s compliance with this Agreement. The Processor shall cooperate fully and provide necessary documentation, provided that audits do not interfere unreasonably with Processor’s operations.

9. Liability and Indemnity

Each Party shall be liable for and indemnify the other against any damages or claims arising from its breach of this Agreement or applicable data protection laws.

10. Termination

This Agreement terminates automatically with the end of the Service Agreement. Upon termination, the Processor shall delete or return all personal data, unless retention is required by law.

11. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of Romania. Any disputes shall be resolved by the competent courts of Bucharest, Romania.

12. Contact Information

For data protection inquiries, please contact us at:
📧 contact@aperta.red

IN WITNESS WHEREOF, the Parties agree to this Data Processing Agreement as of the Effective Date.