ZER Data Processing Agreement

This DPA forms part of the ZER Terms where the customer is controller and FixLab is processor.

Version 2026-07-11 · Terms · Privacy · DPA

  1. Subject and duration: processing the customer's workspace data for the subscription term and deletion period solely to provide, secure, support and back up ZER.
  2. Nature and purpose: hosting CRM records, authentication, access control, document generation, communication, diagnostics, support, security logging, backup and recovery. Data subjects may include the customer's clients, employees, suppliers and contacts; data categories are those entered into the workspace.
  3. FixLab processes personal data only on documented customer instructions, including transfers, unless EU or Latvian law requires otherwise; in that case FixLab informs the customer unless prohibited by law.
  4. Authorised persons are bound by confidentiality. FixLab maintains appropriate technical and organisational measures, including tenant isolation, least privilege, hashed passwords, encryption, audit logging, backups, vulnerability maintenance and incident handling.
  5. FixLab assists the customer, taking account of the nature of processing, with data-subject requests, security, breach notification, DPIAs and supervisory-authority consultations. A confirmed personal-data breach is notified without undue delay with available facts and updates.
  6. The customer gives general authorisation for subprocessors. FixLab remains responsible for equivalent data-protection obligations and gives prior notice of material changes so the customer may object on reasonable data-protection grounds.
  7. At the end of service FixLab deletes or returns workspace personal data at the customer's choice, unless law requires retention. Active data is deleted within 30 days and encrypted backup remnants within 30 days.
  8. FixLab provides information reasonably necessary to demonstrate compliance and permits proportionate audits no more than annually, subject to confidentiality, security and reasonable cost, except after a material incident or authority request.
  9. The customer ensures a lawful basis, transparent notices, data accuracy, role management and lawful instructions. FixLab informs the customer if an instruction appears to infringe applicable data-protection law.