Record of Processing Activities 
Transfer Impact Assessment 
Privacy Impact Assessment 
Cybersecurity Controls 
Cybersecurity Risk Management 
Interactive Awareness Program Data Processing Agreement
Last updated: February 24, 2026
This Data Processing Agreement (“Agreement“) forms part of the Contract for Services (“Principal Agreement“) between:
Your Company details:
__________________________________
__________________________________
__________________________________
__________________________________
(the “Company”) and
Unicis.Tech OÜ
Sepapaja tn 6
15551 Tallinn, Estonia
(the “Data Processor”)
(together as the “Parties”)
WHEREAS
- (A) The Company acts as a Data Controller.
- (B) The Company wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
- (C) The Parties seek to implement a data processing agreement that complies with EU Regulation 2016/679 (GDPR) and related data protection laws.
- (D) The Parties wish to lay down their rights and obligations.
1. Definitions and Interpretation
Unless otherwise defined, capitalized terms in this Agreement have the following meanings:
- Agreement: This Data Processing Agreement and all Schedules
- Company Personal Data: Any Personal Data processed by a Contracted Processor on behalf of Company
- Contracted Processor: A Subprocessor
- Data Protection Laws: EU Data Protection Laws and applicable privacy laws of other countries
- EEA: European Economic Area
- GDPR: EU General Data Protection Regulation 2016/679
- Data Transfer: Transfer of Company Personal Data between Parties or Subprocessors where restricted by law
- Services: Functions-as-a-Service, Software-as-a-Service, and Consulting-as-a-Service
- Subprocessor: Any person appointed by the Processor to process Company Personal Data
Other GDPR terms like “Controller”, “Data Subject”, and “Processing” carry their usual meaning.
2. Processing of Company Personal Data
- Processor shall comply with Data Protection Laws and process Company Personal Data only according to documented instructions.
- The Company instructs the Processor to process Company Personal Data as necessary to provide Services.
3. Processor Personnel
Processor will ensure that personnel with access to Company Personal Data are reliable, limited to necessary access, and subject to confidentiality obligations.
4. Security
- Processor implements appropriate technical and organizational measures in accordance with GDPR Article 32.
- Processor assesses risks from Personal Data Breaches and maintains necessary safeguards. See Security Policy for details.
5. Subprocessing
Processor will not appoint Subprocessors or disclose Company Personal Data without Company’s authorization.
6. Data Subject Rights
- Processor assists the Company in responding to Data Subject requests under Data Protection Laws.
- Processor promptly notifies the Company of such requests and only responds per documented instructions or legal requirement.
7. Personal Data Breach
- Processor notifies Company without undue delay of any Personal Data Breach.
- Processor cooperates with Company to investigate, mitigate, and remediate the breach.
8. Data Protection Impact Assessment
Processor provides reasonable assistance to the Company for impact assessments and consultations with Supervisory Authorities regarding Company Personal Data.
9. Deletion or Return of Company Personal Data
Upon cessation of Services, Processor shall promptly delete or return all copies of Company Personal Data within 10 business days.
10. Audit Rights
- Processor allows the Company to audit and inspect compliance with this Agreement.
- Information and audit rights arise to the extent not already provided in the Principal Agreement.
11. Data Transfer
Transfers of Company Personal Data outside the EU/EEA require Company’s prior written consent and must comply with GDPR-approved mechanisms.
12. General Terms
- Confidentiality: Both Parties keep this Agreement and related information confidential, unless disclosure is required by law or already public.
- Notices: Notices must be in writing and sent to addresses set in the Agreement, by post, personal delivery, or email.
13. Governing Law and Jurisdiction
This Agreement is governed by the laws of Estonia. Disputes will be submitted to the exclusive jurisdiction of the courts of Tallinn, subject to appeal to the Supreme Court of Estonia in Tartu.
Signatures
Your Company details:
Signature ______________________________
Name: ________________________________
Title: _________________________________
Date Signed: _________________________________
Unicis.Tech OÜ
Name: Predrag Tasevski
Title: CEO and Founder