Data Processing Agreement

Last updated August 22, 2025

This Data Processing Agreement (DPA) is part of the Agreement between Intelecy AS, reg.no. 918 527 419 (Processor), and any customer using its services (Controller) and governs the processing of personal data under applicable data protection laws, including the General Data Protection Regulation (GDPR).

The Processor offers a no-code AI platform as software-as-a-service (SaaS) that empowers industrial customers to optimize operations, analyse data, improve quality and increase efficiency.

By using the services, the Controller agrees to the terms of this DPA. 

1. Roles of the Parties

  • The Controller determines the purposes and means of the processing of personal data.
  • The Processor processes personal data on behalf of the Controller to provide the services under the Agreement.

2. Scope of Data Processing

2.1 Purpose

The purpose of the processing is to provide and improve the SaaS platform and related services, including the collection and analysis of website tracking data to ensure functionality, enhance user experience, perform service analytics, and maintain security and error handling.

2.2 Types of Personal Data

The processing may include the following categories of personal data:

  • Identification data (e.g., name, email address, company name, username)
  • Technical data (e.g., IP addresses, device information, browser type, language settings)
  • Tracking and analytics data (e.g., cookies, session data, website interactions, feature usage, navigation history)
  • Metadata and logs related to system and security purposes

2.3 Categories of Data Subjects

  • Authorized end users of the platform (including employees or contractors of the Controller)

2.4 Retention

Personal data collected through website tracking and analytics shall be retained for the period necessary to fulfill the purposes described above, but no longer than 36 months, unless a longer retention period is required by law.

3. Processor Obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller;
  • Ensure persons authorized to process the data are bound by confidentiality;
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk;
  • Assist the Controller with data subject requests, where reasonably possible;
  • Notify the Controller without undue delay after becoming aware of a personal data breach;
  • Delete personal data upon termination of the services, unless required to retain it by law.

4. Consent and Transparency

The Controller shall be responsible for ensuring that a valid legal basis exists for the processing of personal data collected through the use of tracking technologies within the SaaS platform, where such processing occurs on behalf of the Controller. This includes, where required, the provision of appropriate notices to data subjects and the obtaining and management of any required consent.

The Processor shall process such data only on the basis of the Controller’s documented instructions and shall have no independent obligation to obtain end-user consent in respect of data processed within the SaaS platform.

5. Subprocessors

The Controller authorizes the Processor to engage subprocessors to support the provision of services. The Processor shall ensure that all subprocessors are subject to equivalent data protection obligations as set out in this DPA. The Processor will inform the Controller in advance of any intended changes to its subprocessors and allow the Controller to object on reasonable grounds.

6. Internal Transfers

The Processor shall ensure that any transfer of personal data outside the EEA is done in compliance with applicable data protection law, using appropriate safeguards where required.

7. Demonstrating Compliance and Audit

Upon request, the Processor shall make available to the Controller information reasonably necessary to demonstrate compliance with this DPA. Audits may be requested if such information is insufficient and must be subject to reasonable notice, scope, and timing.

8. Term

This DPA remains in effect for the duration of the Agreement, or as long as the Processor processes personal data on behalf of the Controller.