Data Processing Agreement (DPA)

Data Processing Agreement

This Data Processing Agreement (DPA) is between Parlaz Sistemas (Processor) and the Customer (Controller) and governs the processing of personal data.

1. Definicoes

  • Personal Data: Information related to an identified or identifiable natural person
  • Tratamento: Any operation performed with personal data
  • Controller: Client who determines processing purposes and means
  • Processor: Parlaz que trata dados em nome do Controlador
  • Sub-processor: Terceiros contratados pela Parlaz para tratar dados

2. Escopo e Objeto

Types of Personal Data: Dados de clientes processados atraves da plataforma Parlaz incluindo nomes, e-mails, informacoes de contato e transcricoes de conversas.

Duracao: During the service period and for 30 days after termination or until data deletion as specified in our Privacy Policy.

3. Instrucoes de Tratamento

Parlaz trata dados pessoais apenas conforme instruido pelo Cliente, incluindo:

  • Processing specified in the service documentation
  • Processing necessary to comply with the law
  • Tratamento em resposta a solicitacoes legitimas de autoridades

4. Confidentiality and Security

Parlaz garante que funcionarios que tratam dados estao sujeitos a obrigacoes de confidencialidade e implementa medidas tecnicas e organizacionais de seguranca apropriadas incluindo:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Access controls and authentication (MFA)
  • Regular security audits and penetration testing
  • Incident response procedures
  • Security training for employees

5. Sub-processors

The Client is notified of the following sub-processors:

  • Amazon Web Services (AWS): Data Hosting and Infrastructure
  • Stripe: Payment processing
  • SendGrid: Email delivery

Parlaz notificara o Cliente sobre novos sub-operadores com 15 dias de antecedencia. O Cliente pode objetar a novos sub-operadores por escrito.

6. Data Subject Rights

Parlaz fornece assistencia razoavel ao Cliente para atender solicitacoes de titulares incluindo:

  • Right to Access (copy of personal data)
  • Right to Rectification (data correction)
  • Right to Erasure (data deletion)
  • Right to Restrict Processing
  • Right to Data Portability
  • Right of Opposition

7. Audit and Inspection

O Cliente pode auditar a conformidade da Parlaz com este DPA mediante aviso previo razoavel. Parlaz fornecera relatorios demonstrando conformidade com obrigacoes de seguranca.

8. Data Return or Deletion

Apos rescisao do Contrato, Parlaz, a criterio do Cliente:

  • Will return all personal data to Client in structured format
  • Will delete all personal data (securely and with certification)
  • Will retain data for the retention period specified in the Privacy Policy

9. International Data Transfers

Data is processed and stored in Brazil. Any international transfers (if necessary) will comply with LGPD requirements.

10. Versao do Documento

Versao: 1.0
Effective Date: 2026-02-18
This DPA is incorporated into the Service Agreement between the parties.