Data Processing Agreement

This policy takes effect on February 9, 2026 (Version 1.0) 

This DPA forms part of the Terms of Service and applies where OfficeOne Solution processes personal data on behalf of the Customer. 

1. Definitions 

• Controller: The Customer (your organization) 
• Processor:  OfficeOne Solution 
• Personal Data: Any information relating to an identified or identifiable person 
• Processing: Any operation performed on personal data 

2. Processing Instructions 

OfficeOne Solution processes personal data only on documented instructions from the Customer, unless required by law. 

3. Security Measures 

• Encryption of personal data at rest and in transit 
• Access controls and least privilege principles 
• Regular security testing and audits 
• Incident response and breach notification procedures 

4. Sub-processors 

We use the following sub-processors: Microsoft Azure (infrastructure), Charge bee (billing). We will notify you of any changes within 30 days’ notice. 

5. Data Subject Rights 

We will assist you in fulfilling data subject requests (access, correction, deletion) within 30 days of your request. 

6. Breach Notification 

In the event of a personal data breach, we will notify you within 72 hours of becoming aware of the breach. 

7. Data Deletion 

Upon termination of services, we will delete or return all personal data within 90 days, unless longer retention is required by law. 

DPA Inquiries:   [email protected]