Data Processing Agreement (DPA)
Appendix to the Service Agreement – ELNIQ
In accordance with Article 28 of Regulation (EU) 2016/679 (GDPR)
1. Parties
Processor: ELNIQ, S.L.
Tax ID (CIF): B19873413
Calle Almirante Cadarso 26, Bajo, 46005 Valencia, Spain
(hereinafter referred to as “ELNIQ”)
Controller:
The customer, user, organization, or entity subscribing to or using ELNIQ services, platforms, applications, software solutions, websites, APIs, plugins, or related technologies
(hereinafter referred to as the “Customer”)
2. Purpose
This Data Processing Agreement governs the processing of personal data carried out by ELNIQ on behalf of the Customer in connection with the provision of ELNIQ services and in accordance with Article 28 GDPR.
3. Nature and Purpose of Processing
ELNIQ processes personal data solely for the purpose of providing the contracted services.
Depending on the services used, processing activities may include:
ELNIQ shall not use personal data for its own independent purposes nor disclose such data to third parties except as provided in this Agreement or required by law.
The processing may include collection, recording, organization, storage, consultation, use, transmission, and deletion of personal data.
4. Categories of Personal Data Processed
Depending on the services used by the Customer, ELNIQ may process the following categories of personal data:
ELNIQ does not intentionally process special categories of personal data as defined in Article 9 GDPR.
5. Categories of Data Subjects
The data processed may relate to:
6. Duration of Processing
Processing shall continue for the duration of the service agreement.
Upon termination or cancellation of the agreement, ELNIQ may retain personal data for up to 30 days, after which such data shall be permanently deleted unless a longer retention period is required by law.
7. ELNIQ Obligations as Processor
ELNIQ undertakes to:
a) Process personal data only on documented instructions from the Customer, including those contained in this Agreement and the Terms of Service.
b) Ensure that persons authorized to process personal data are subject to confidentiality obligations.
c) Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk in accordance with Article 32 GDPR, including:
e) Notify the Customer without undue delay, and in any event within 72 hours of becoming aware of a personal data breach affecting Customer data.
f) Delete or return personal data at the end of the provision of services as described in Section 6.
g) Make available all information reasonably necessary to demonstrate compliance with Article 28 GDPR.
h) Allow and contribute to audits or inspections conducted by the Customer or an independent auditor mandated by the Customer, subject to reasonable prior notice and provided such audits do not unreasonably interfere with ELNIQ operations.
8. Sub-processors
The Customer authorizes ELNIQ to engage sub-processors where reasonably necessary for the provision, maintenance, security, support, analytics, hosting, payment processing, artificial intelligence, machine learning, cloud infrastructure, monitoring, communication, or other technology services related to ELNIQ products.
Current sub-processors may include:
ELNIQ may add, replace, or remove sub-processors as reasonably required for the provision of services.
Customers will be informed of material changes where required by applicable law.
All sub-processors shall be subject to data protection obligations substantially equivalent to those contained in this Agreement.
9. International Data Transfers
Where personal data is transferred outside the European Economic Area, ELNIQ shall implement appropriate safeguards in accordance with Article 46 GDPR, including:
10. Customer Obligations
The Customer represents and warrants that:
a) it has a valid legal basis for processing personal data submitted to or processed through ELNIQ services;
b) it has provided all required notices to data subjects in accordance with Articles 13 and 14 GDPR;
c) it is responsible for the lawful implementation, configuration, and use of ELNIQ services, applications, integrations, APIs, plugins, scripts, and related technologies.
11. Governing Law
This Agreement shall be governed by:
In the event of any conflict between this Agreement and the Terms of Service, this Agreement shall prevail with respect to matters relating to personal data processing.
12. Acceptance
Acceptance of the ELNIQ Terms of Service, Service Agreement, or use of ELNIQ services constitutes acceptance of this Data Processing Agreement, which forms an integral part of the contractual relationship between the Customer and ELNIQ.
Version 1.0 – May 2026
ELNIQ, S.L.
Tax ID (CIF): B19873413
Appendix to the Service Agreement – ELNIQ
In accordance with Article 28 of Regulation (EU) 2016/679 (GDPR)
1. Parties
Processor: ELNIQ, S.L.
Tax ID (CIF): B19873413
Calle Almirante Cadarso 26, Bajo, 46005 Valencia, Spain
(hereinafter referred to as “ELNIQ”)
Controller:
The customer, user, organization, or entity subscribing to or using ELNIQ services, platforms, applications, software solutions, websites, APIs, plugins, or related technologies
(hereinafter referred to as the “Customer”)
2. Purpose
This Data Processing Agreement governs the processing of personal data carried out by ELNIQ on behalf of the Customer in connection with the provision of ELNIQ services and in accordance with Article 28 GDPR.
3. Nature and Purpose of Processing
ELNIQ processes personal data solely for the purpose of providing the contracted services.
Depending on the services used, processing activities may include:
- monitoring and analysis of website accessibility and interactions;
- collection and analysis of technical website and traffic data;
- generation of reports, analytics, recommendations, and insights;
- provision of AI-powered features and services;
- operation, maintenance, support, and security of ELNIQ platforms and applications.
ELNIQ shall not use personal data for its own independent purposes nor disclose such data to third parties except as provided in this Agreement or required by law.
The processing may include collection, recording, organization, storage, consultation, use, transmission, and deletion of personal data.
4. Categories of Personal Data Processed
Depending on the services used by the Customer, ELNIQ may process the following categories of personal data:
- IP addresses (where considered personal data);
- account and authentication data;
- website interaction and usage data;
- URLs and pages visited;
- user-agent information and technical identifiers;
- access date, time, frequency, and activity logs;
- technical data related to HTTP requests and system interactions;
- analytics and performance data;
- information submitted by the Customer through ELNIQ services;
- other personal data processed solely as necessary to provide the contracted services.
ELNIQ does not intentionally process special categories of personal data as defined in Article 9 GDPR.
5. Categories of Data Subjects
The data processed may relate to:
- visitors of Customer websites;
- users of Customer services;
- Customer employees, contractors, or authorized users;
- individuals whose data is processed through ELNIQ services on behalf of the Customer.
6. Duration of Processing
Processing shall continue for the duration of the service agreement.
Upon termination or cancellation of the agreement, ELNIQ may retain personal data for up to 30 days, after which such data shall be permanently deleted unless a longer retention period is required by law.
7. ELNIQ Obligations as Processor
ELNIQ undertakes to:
a) Process personal data only on documented instructions from the Customer, including those contained in this Agreement and the Terms of Service.
b) Ensure that persons authorized to process personal data are subject to confidentiality obligations.
c) Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk in accordance with Article 32 GDPR, including:
- encryption of data in transit (TLS/HTTPS);
- authentication and access controls;
- logging of system access;
- periodic backups.
e) Notify the Customer without undue delay, and in any event within 72 hours of becoming aware of a personal data breach affecting Customer data.
f) Delete or return personal data at the end of the provision of services as described in Section 6.
g) Make available all information reasonably necessary to demonstrate compliance with Article 28 GDPR.
h) Allow and contribute to audits or inspections conducted by the Customer or an independent auditor mandated by the Customer, subject to reasonable prior notice and provided such audits do not unreasonably interfere with ELNIQ operations.
8. Sub-processors
The Customer authorizes ELNIQ to engage sub-processors where reasonably necessary for the provision, maintenance, security, support, analytics, hosting, payment processing, artificial intelligence, machine learning, cloud infrastructure, monitoring, communication, or other technology services related to ELNIQ products.
Current sub-processors may include:
Sub-processor | Country | Purpose |
Leaseweb | EU | Hosting and infrastructure |
Cloudflare, Inc. | USA | Network, security and CDN |
Hostinger International Ltd. | EU | Transactional email |
Stripe Payments Europe, Ltd. | Ireland / USA | Payment processing |
Ireland / USA | Analytics and related services | |
OpenAI | USA | AI services |
Anthropic | USA | AI services |
Google Gemini | USA | AI services |
Perplexity AI | USA | AI services |
ELNIQ may add, replace, or remove sub-processors as reasonably required for the provision of services.
Customers will be informed of material changes where required by applicable law.
All sub-processors shall be subject to data protection obligations substantially equivalent to those contained in this Agreement.
9. International Data Transfers
Where personal data is transferred outside the European Economic Area, ELNIQ shall implement appropriate safeguards in accordance with Article 46 GDPR, including:
- Standard Contractual Clauses approved by the European Commission;
- the EU-U.S. Data Privacy Framework where applicable;
- other legally recognized transfer mechanisms.
10. Customer Obligations
The Customer represents and warrants that:
a) it has a valid legal basis for processing personal data submitted to or processed through ELNIQ services;
b) it has provided all required notices to data subjects in accordance with Articles 13 and 14 GDPR;
c) it is responsible for the lawful implementation, configuration, and use of ELNIQ services, applications, integrations, APIs, plugins, scripts, and related technologies.
11. Governing Law
This Agreement shall be governed by:
- Regulation (EU) 2016/679 (GDPR);
- Spanish Organic Law 3/2018 (LOPDGDD);
- applicable Spanish legislation.
In the event of any conflict between this Agreement and the Terms of Service, this Agreement shall prevail with respect to matters relating to personal data processing.
12. Acceptance
Acceptance of the ELNIQ Terms of Service, Service Agreement, or use of ELNIQ services constitutes acceptance of this Data Processing Agreement, which forms an integral part of the contractual relationship between the Customer and ELNIQ.
Version 1.0 – May 2026
ELNIQ, S.L.
Tax ID (CIF): B19873413
