Last updated: March 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between:
Blixtgo Agency AB (org. no. 559069-9038), Drottninggatan 6A, 212 11 Malmö, Sweden
(“Processor” or “OffertBox”)
and
The registered business using the OffertBox platform (“Controller” or “Customer”).
1. Purpose of this Agreement
This DPA regulates the processing of personal data by OffertBox on behalf of the Customer in
accordance with:
- General Data Protection Regulation (GDPR)
- Applicable EU and Swedish data protection laws
2. Roles of the Parties
- The Customer acts as Data Controller
- OffertBox acts as Data Processor
The Customer determines the purposes and means of processing personal data.
3. Categories of Data Subjects
Personal data processed under this Agreement may include:
- Customers of the Customer
- Employees of the Customer
- Business contacts
- Leads and potential clients
4. Types of Personal Data
The processing may include:
- Names
- Email addresses
- Phone numbers
- Addresses
- Service-related data
- Booking and scheduling data
- Communication content
- Technical data (IP address, device info)
5. Nature and Purpose of Processing
OffertBox processes personal data to:
- Provide the SaaS platform
- Store and manage customer data
- Enable communication (email/SMS)
- Handle leads, quotes, and bookings
- Provide analytics and reporting
- Ensure system functionality and security
6. Duration of Processing
Personal data will be processed:
- For as long as the Customer uses the Service
- Until deletion is requested
- Or as required by applicable law
7. Processor Obligations
OffertBox shall:
- Process personal data only on documented instructions from the Customer
- Ensure confidentiality of all personnel
- Implement appropriate technical and organizational measures
- Assist the Customer in fulfilling GDPR obligations
- Notify the Customer of data breaches without undue delay
- Not sell or misuse personal data
8. Security Measures
OffertBox implements appropriate safeguards, including:
- Secure cloud hosting via Google Cloud / Firebase
- Access control and authentication
- Encryption where applicable
- Monitoring and logging
- Data minimization principles
9. Sub-processors
The Customer authorizes OffertBox to use the following sub-processors:
- Google Cloud / Firebase
- Stripe
- Mailgun
- Twilio
- Google Analytics
- Meta Pixel
OffertBox ensures that all sub-processors comply with GDPR requirements.
10. International Transfers
Where data is transferred outside the EU/EEA, OffertBox ensures appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- GDPR-compliant agreements
11. Data Subject Rights
OffertBox shall assist the Customer in responding to requests from data subjects, including:
- Access
- Rectification
- Erasure
- Restriction
- Data portability
12. Data Breach Notification
In the event of a personal data breach, OffertBox shall:
- Notify the Customer without undue delay
- Provide relevant information
- Assist in mitigation
13. Deletion and Return of Data
Upon termination of the Service, the Customer may request:
- Deletion of all personal data
- Return/export of data
Unless legal obligations require retention.
14. Audit Rights
The Customer may request information regarding compliance.
OffertBox may provide:
- Documentation
- Security descriptions
- Compliance confirmations
15. Liability
Each party is responsible for its own compliance with GDPR.
OffertBox shall not be liable for:
- Improper use of data by the Customer
- Unlawful instructions from the Customer
16. Governing Law
This DPA is governed by the laws of Sweden.
17. Contact
For GDPR-related inquiries:
Blixtgo Agency AB
info@offertbox.se