Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller") and EUnion ("Data Processor"). This DPA reflects the requirements of the General Data Protection Regulation (GDPR) regarding the processing of personal data.

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, storage, use, and deletion.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data.

Data Processor: EUnion, who processes personal data on behalf of the Data Controller.

3. Processing Details

EUnion processes personal data exclusively within the European Union. Our data centers are located in:

• Germany (primary)
• Sweden (backup)
• France (CDN edge locations)

4. Types of Personal Data Processed

EUnion may process the following categories of personal data:

• Contact information (name, email address)
• Account credentials (encrypted passwords)
• Communication data (emails, messages)
• Usage data (logins, feature usage)
• Technical data (IP addresses, device information)

5. Purposes of Processing

Personal data is processed for the following purposes:

• Providing cloud services (email, storage, collaboration)
• User authentication and account management
• Service improvement and development
• Security monitoring and fraud prevention
• Legal compliance and regulatory requirements

6. Data Subject Rights

We facilitate the exercise of data subject rights including:

• Right to access personal data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

7. Security Measures

EUnion implements appropriate technical and organizational measures:

• End-to-end encryption for communications
• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• Regular security audits and penetration testing
• Access controls and authentication
• Employee confidentiality agreements

8. Subprocessors

EUnion may engage subprocessors for specific services. All subprocessors are GDPR-compliant and located within the EU:

• Hosting providers (EU-based)
• Payment processors (EU-based)
• Support ticketing system (EU-based)

We maintain a current list of subprocessors available upon request.

9. Data Breach Notification

In the event of a personal data breach, EUnion will:

• Notify the Data Controller without undue delay
• Provide details of the breach and affected data
• Cooperate in breach response and mitigation
• Assist with notifications to supervisory authorities if required

10. Data Retention and Deletion

Personal data is retained only as long as necessary for the purposes outlined above. Upon account termination:

• Active data is deleted within 30 days
• Backups are purged within 90 days
• Legal obligations may require longer retention

11. Audits and Inspections

Data Controllers may request audits of EUnion's data processing activities. We will provide necessary information to demonstrate compliance with this DPA and GDPR.

12. Changes to This Agreement

We may update this Data Processing Agreement to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or through our services.

13. Contact

For questions about this Data Processing Agreement, please contact our Data Protection Officer at info@linux-sverige.se.