ANNEX I: DETAILS OF PROCESSING

This Annex I corresponds to Annex I of the Standard Contractual Clauses and provides details about the parties, the nature and purpose of the processing, and the categories of Personal Data and Data Subjects.

A. LIST OF PARTIES

Data Exporter (Customer):

  • Name: As specified in the applicable Agreement and/or Order Form
  • Address:As specified in the applicable Agreement and/or Order Form
  • Contact person: As specified in the Customer’s account or Order Form
  • Email: As specified in the Customer’s account or Order Form
  • Role: Data Controller

Data Importer (Processor):

  • Name: Syncro Soft SRL
  • Address: Remus 5A, Craiova, 200082, Romania
  • Contact person: Data Protection Officer / Privacy Team
  • Email:privacy@oxygenxml.com
  • Role: Data Processor

B. DESCRIPTION OF TRANSFER

  1. Categories of data subjects whose personal data is transferred

    Personal Data processed under this DPA may relate to the following categories of Data Subjects:

    • Authorized Users invited by Customer to Organization Workspaces
    • Employees, contractors, consultants, or other personnel of Customer
    • Customers, clients, or partners of Customer (if referenced in documents)
    • Any other individuals whose Personal Data is included in Organization Content uploaded by Customer
  2. Categories of personal data transferred

    The types of Personal Data processed under this DPA depend entirely on what Customer chooses to upload to the Platform. Personal Data may include:

    • User Identity Data:
      • Full Name
      • Email addresses
      • Username, password (encrypted), authentication tokens, two-factor authentication credentials, SSO identifiers
      • Profile information (profile photo, phone number (optional), user preferences)
      • Payment method information (processed by third-party payment processors), transaction history
    • Content Data:
      • Any Personal Data contained in documents, comments, annotations, version history or other content uploaded by Customer
      • Technical documentation that may reference individuals
      • Communication data within collaboration features
    • Usage and Activity Data:
      • Document access logs
      • Edit history and version control data
      • Timestamps and activity metadata
      • IP addresses, device information, browser information (for security and audit purposes)
      • In-Platform messages, support ticket content, chat messages, feedback submissions
      • Billing Data: Billing contact name, billing email address, payment method information (processed by third-party payment processors), transaction history
  3. Special Categories of Data (if any):

    The Platform is not designed to process Special Categories of Personal Data (as defined in GDPR Article 9), including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation. Customer should not upload such data to the Platform unless absolutely necessary for Customer's documented purposes and with appropriate safeguards. Syncro Soft does not request or require such data for the provision of Services.

  4. Sensitive data transferred (if applicable).

    The Platform is not designed to process data relating to criminal convictions and offenses or other highly sensitive personal information. Customer represents that it will not upload such data to the Platform without Syncro Soft's prior written consent and implementation of additional safeguards.

  5. The frequency of the transfer

    Continuous for the duration of the Organization Agreement. Personal Data is transferred each time Customer or Authorized Users access the Platform, upload content, or use Platform features.

  6. Nature and Purpose of the processing

    The subject matter of processing under this DPA is the provision of the Oxygen Content Fusion platform, which enables Customer to create, edit, store, collaborate on, and manage technical documents and content. Syncro Soft processes Personal Data for the following purposes:

    • Providing the Platform services to Customer as described in the Organization Agreement
    • Enabling document creation, editing, collaboration, and version control
    • Facilitating user access, authentication, and authorization within Organization Workspaces
    • Storing and retrieving documents and content
    • Generating version history and audit logs
    • Enabling search and retrieval of content
    • Providing commenting, review, and approval workflows
    • Generating notifications and alerts as configured by Customer
    • Backing up and disaster recovery
    • Maintaining security and preventing abuse
    • Providing customer support and technical assistance to Customer
    • Complying with legal obligations
  7. Duration of the processing

    For the duration of the Organization Agreement, plus the data retention period specified in Section 10 of this DPA (typically up to 30 days for data retrieval, plus up to 90 days for deletion from backups, plus any additional retention required by law).

C. COMPETENT SUPERVISORY AUTHORITY

For Customer: The supervisory authority in Customer's jurisdiction as determined by GDPR Article 55 (establishment) or Article 56 (lead supervisory authority).

For Processor: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) - the Romanian Data Protection Authority.

Products

Features

Shop

Resources

Support

Company

© 2002-2026 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor