Data Processing Agreement
Last updated: June 27, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the customer ("Controller") and Bwired di Bersier Benoit Jonathan ("Processor") when Controller uses OmniTask Pro to process personal data on its behalf.
1. Subject matter and duration
Processor processes personal data on Controller's instructions for the duration of the Service.
2. Nature and purpose
Providing task management, calendar, and connected-mailbox features as described in the Service.
3. Categories of data subjects
- Controller's authorised users.
- Senders and recipients of emails synced via connected mailboxes.
- Contacts manually added by Controller.
4. Categories of personal data
- Identifiers (name, email).
- Content of emails and attachments synced from connected mailboxes.
- Task, calendar and note content created by users.
- Technical metadata (IP, user agent, timestamps).
5. Obligations of the Processor
- Process personal data only on documented instructions from Controller.
- Ensure personnel are bound by confidentiality.
- Implement appropriate technical and organisational measures (Art. 32 GDPR): TLS, AES-256-GCM at rest for mailbox secrets, row-level security, least-privilege access, audit logging.
- Assist Controller in responding to data subject requests.
- Notify Controller without undue delay of a personal data breach.
- Delete or return personal data on termination, subject to legal retention.
6. Subprocessors
Controller authorises the use of the subprocessors listed in our Privacy Policy. We will give reasonable notice of new subprocessors and provide an objection mechanism by email.
7. International transfers
Where transfers outside the EEA occur, they are covered by the EU Standard Contractual Clauses or equivalent safeguards.
8. Audits
Processor will make available to Controller information necessary to demonstrate compliance, and allow audits on reasonable notice and subject to confidentiality.
9. Contact
For DPA matters: privacy@centralo.work.