Data processing agreement (dpa)

Last updated: March 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between:

Blixtgo Agency AB (org. no. 559069-9038), Drottninggatan 6A, 212 11 Malmö, Sweden
(“Processor” or “OffertBox”)

and

The registered business using the OffertBox platform (“Controller” or “Customer”).

1. Purpose of this Agreement

This DPA regulates the processing of personal data by OffertBox on behalf of the Customer in
accordance with:

  • General Data Protection Regulation (GDPR)
  • Applicable EU and Swedish data protection laws

2. Roles of the Parties

  • The Customer acts as Data Controller
  • OffertBox acts as Data Processor

The Customer determines the purposes and means of processing personal data.

3. Categories of Data Subjects

Personal data processed under this Agreement may include:

  • Customers of the Customer
  • Employees of the Customer
  • Business contacts
  • Leads and potential clients

4. Types of Personal Data

The processing may include:

  • Names
  • Email addresses
  • Phone numbers
  • Addresses
  • Service-related data
  • Booking and scheduling data
  • Communication content
  • Technical data (IP address, device info)

5. Nature and Purpose of Processing

OffertBox processes personal data to:

  • Provide the SaaS platform
  • Store and manage customer data
  • Enable communication (email/SMS)
  • Handle leads, quotes, and bookings
  • Provide analytics and reporting
  • Ensure system functionality and security

6. Duration of Processing

Personal data will be processed:

  • For as long as the Customer uses the Service
  • Until deletion is requested
  • Or as required by applicable law

7. Processor Obligations

OffertBox shall:

  • Process personal data only on documented instructions from the Customer
  • Ensure confidentiality of all personnel
  • Implement appropriate technical and organizational measures
  • Assist the Customer in fulfilling GDPR obligations
  • Notify the Customer of data breaches without undue delay
  • Not sell or misuse personal data

8. Security Measures

OffertBox implements appropriate safeguards, including:

  • Secure cloud hosting via Google Cloud / Firebase
  • Access control and authentication
  • Encryption where applicable
  • Monitoring and logging
  • Data minimization principles

9. Sub-processors

The Customer authorizes OffertBox to use the following sub-processors:

  • Google Cloud / Firebase
  • Stripe
  • Mailgun
  • Twilio
  • Google Analytics
  • Meta Pixel

OffertBox ensures that all sub-processors comply with GDPR requirements.

10. International Transfers

Where data is transferred outside the EU/EEA, OffertBox ensures appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • GDPR-compliant agreements

11. Data Subject Rights

OffertBox shall assist the Customer in responding to requests from data subjects, including:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Data portability

12. Data Breach Notification

In the event of a personal data breach, OffertBox shall:

  • Notify the Customer without undue delay
  • Provide relevant information
  • Assist in mitigation

13. Deletion and Return of Data

Upon termination of the Service, the Customer may request:

  • Deletion of all personal data
  • Return/export of data

Unless legal obligations require retention.

14. Audit Rights

The Customer may request information regarding compliance.

OffertBox may provide:

  • Documentation
  • Security descriptions
  • Compliance confirmations

15. Liability

Each party is responsible for its own compliance with GDPR.

OffertBox shall not be liable for:

  • Improper use of data by the Customer
  • Unlawful instructions from the Customer

16. Governing Law

This DPA is governed by the laws of Sweden.

17. Contact

For GDPR-related inquiries:

Blixtgo Agency AB
info@offertbox.se