Data Processing Agreement (DPA)

Entity: Reer Technologies DOO, Montenegro

Effective Date: January 1, 2025

For EU customers, this DPA incorporates Standard Contractual Clauses as required by GDPR Article 46.

🔒 What This Agreement Covers

For EU Customers:

  • GDPR-compliant data processing
  • Standard Contractual Clauses automatically apply
  • Full data subject rights protection

For All Customers:

  • Clear data processor role definition
  • Comprehensive security measures
  • Data breach notification procedures

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and Reer Technologies DOO ("Sheetflow") regarding the processing of personal data in connection with our Excel-to-API service.

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.)
Data Controller: The entity that determines the purposes and means of processing personal data
Data Processor: The entity that processes personal data on behalf of the controller
Data Subject: The individual whose personal data is being processed

2. Roles and Responsibilities

2.1 Customer as Data Controller

When Customer uploads Excel files containing personal data:

  • Customer acts as the Data Controller
  • Customer determines the purposes and means of processing
  • Customer is responsible for compliance with applicable data protection laws
  • Customer ensures lawful basis for processing exists

2.2 Sheetflow as Data Processor

  • Sheetflow acts as Data Processor for personal data in Customer's Excel files
  • Sheetflow processes data solely to provide the Service
  • Sheetflow follows Customer's documented instructions
  • Sheetflow implements appropriate security measures

3. Processing Details

3.1 Categories of Data Subjects

Personal data in Excel files may relate to:

  • Employees, contractors, customers
  • End users of Customer's systems
  • Business contacts and vendors
  • Other individuals as determined by Customer

3.2 Categories of Personal Data

Excel files may contain:

  • Names, addresses, contact information
  • Financial data, compensation information
  • Performance metrics, calculations
  • Other data as uploaded by Customer

3.3 Processing Activities

Sheetflow processes personal data to:

  • Parse Excel formulas and named ranges
  • Execute calculations via API calls
  • Store data securely for Service provision
  • Provide usage analytics and monitoring

4. Data Security Measures

4.1 Technical Measures

  • Encryption of data in transit (TLS)
  • Encryption of data at rest (AES-256)
  • Secure authentication and access controls
  • Regular security monitoring and logging

4.2 Organizational Measures

  • Limited employee access on need-to-know basis
  • Regular security training for personnel
  • Background checks for employees with data access
  • Incident response procedures

4.3 Access Controls

  • Multi-factor authentication for administrative access
  • Role-based permissions and audit trails
  • Secure API authentication for data access
  • Regular access reviews and revocation procedures

7. International Data Transfers and Standard Contractual Clauses

7.1 Data Transfer Mechanisms

For EU to Montenegro Transfers:
  • This DPA incorporates the European Commission's Standard Contractual Clauses (SCCs) adopted June 4, 2021
  • SCCs apply automatically for EU customers transferring personal data to our Montenegro operations
  • Module 2 (Controller to Processor) applies for most customer relationships

7.2 Transfer Impact Assessment

For EU customers, we have conducted transfer impact assessments confirming:

  • Montenegro provides adequate legal protections for personal data
  • Technical and organizational measures ensure continued GDPR-level protection
  • No laws in Montenegro undermine the effectiveness of SCCs

7.3 Other International Transfers

For transfers outside the EEA, we rely on:

  • European Commission adequacy decisions where available
  • Standard contractual clauses for other jurisdictions
  • Other appropriate safeguards as required by applicable law

9. Data Breach Notification

9.1 Incident Response

Upon becoming aware of a personal data breach:

  • Sheetflow will notify Customer without undue delay
  • Notification within 72 hours where feasible
  • Provide details of affected data and recommended actions

9.2 Customer Responsibilities

Customer remains responsible for:

  • Notifying supervisory authorities as required
  • Informing affected data subjects when necessary
  • Meeting regulatory notification deadlines

10. Audit and Compliance

10.1 Audit Rights

Customer may:

  • Request compliance information and certifications
  • Conduct audits with reasonable advance notice
  • Engage third-party auditors (subject to confidentiality)

10.2 Compliance Documentation

Sheetflow will provide:

  • Security and privacy documentation
  • Compliance certifications where available
  • Assistance with Customer's compliance obligations

13. Contact Information

Data Protection Officer

Reer Technologies DOO

Address: Ilino bb, Bar, 85000

Country: Montenegro

Email: dpo@sheetflow.cloud

Additional Contacts

Legal Department: legal@sheetflow.cloud

Privacy Inquiries: privacy@sheetflow.cloud

Customer Acknowledgment

By using Sheetflow's services for processing personal data, Customer acknowledges and agrees to the terms of this Data Processing Agreement.

This DPA is governed by Montenegro law and incorporates EU GDPR requirements where applicable. For EU customers, Standard Contractual Clauses are incorporated by reference.