SALVOREN Legal
Data Processing Agreement (DPA)
Last updated: 16 March 2026

This Data Processing Agreement (“DPA”) forms part of the agreement between SALVOREN and the Customer regarding the processing of personal data under the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This DPA applies when SALVOREN processes personal data on behalf of the Customer through the SALVOREN services.

1. Parties

Data Processor

Pontus Olsson
Sole Trader (Swedish: Enskild näringsverksamhet)
Registration No: [REGISTRATION NUMBER]
SALVOREN
Email: [email protected]

Data Controller

The Customer using SALVOREN’s services who determines the purposes and means of processing personal data.

2. Definitions

For the purposes of this DPA:

Personal Data

Any information relating to an identified or identifiable natural person as defined under GDPR.

Processing

Any operation performed on personal data including collection, storage, organization, use, transmission, or deletion.

Data Controller

The Customer determining the purpose and means of processing personal data.

Data Processor

SALVOREN processing personal data on behalf of the Customer.

Sub-processor

Any third party engaged by SALVOREN to process personal data on behalf of the Customer.

Data Subject

The individual to whom the personal data relates.

3. Scope, Nature, and Purpose of Processing

SALVOREN processes personal data solely for the purpose of providing and operating its SaaS services.

Processing may include:

  • collection
  • storage
  • organization
  • structuring
  • retrieval
  • transmission
  • analysis
  • deletion

The services may include:

  • booking management systems
  • customer communication automation
  • CRM functionality
  • messaging services
  • appointment scheduling
  • customer support systems
  • analytics and operational functionality

SALVOREN will process personal data only as necessary to deliver the services requested by the Customer and will not process personal data for its own purposes.

4. Categories of Data Subjects

Depending on how the Customer uses the Service, data subjects may include:

  • customers of the Customer
  • leads or potential customers
  • website visitors
  • individuals contacting the Customer
  • individuals booking services through the Customer’s booking system

5. Categories of Personal Data

Personal data processed may include:

  • names
  • email addresses
  • phone numbers
  • booking information
  • appointment details
  • communication messages
  • customer notes
  • transaction or service information

The Customer determines what personal data is processed through the platform.

6. Instructions from the Customer

SALVOREN processes personal data only:

  • according to the documented instructions of the Customer
  • as necessary to provide the services

If SALVOREN believes that an instruction from the Customer violates GDPR or other applicable data protection laws, SALVOREN will inform the Customer without undue delay.

The Customer is responsible for ensuring that its instructions comply with applicable data protection laws.

7. Confidentiality

SALVOREN ensures that all persons authorized to process personal data:

  • are bound by confidentiality obligations
  • receive appropriate data protection training where necessary
  • process personal data only as required for their role

8. Security Measures

SALVOREN implements appropriate technical and organizational measures designed to protect personal data.

Such measures may include:

  • access control systems
  • secure infrastructure
  • system monitoring
  • encryption where appropriate
  • restricted access to production systems

These measures are designed to protect personal data against:

  • unauthorized access
  • accidental loss
  • destruction
  • alteration
  • disclosure

SALVOREN periodically reviews and updates its security measures to maintain an appropriate level of protection.

9. Sub-processors

The Customer provides general authorization for SALVOREN to engage sub-processors where necessary to operate the Service.

Sub-processors may include providers of:

  • cloud infrastructure
  • SaaS platforms
  • messaging services
  • AI services
  • hosting and data storage
  • payment processing

SALVOREN ensures that sub-processors are bound by written agreements imposing data protection obligations equivalent to those contained in this DPA.

SALVOREN will inform the Customer of any intended changes concerning the addition or replacement of sub-processors.

The Customer may object to such changes where reasonable and based on legitimate data protection concerns.

10. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), SALVOREN will ensure that appropriate safeguards are implemented.

These safeguards may include:

  • EU Standard Contractual Clauses (SCCs)
  • other legally recognized data transfer mechanisms under GDPR

11. Assistance to the Data Controller

Taking into account the nature of the processing and the information available to SALVOREN, SALVOREN will assist the Customer where reasonably necessary to help fulfill obligations related to:

  • data subject access requests
  • rectification or deletion of personal data
  • restriction of processing
  • data portability requests
  • security of processing
  • data protection impact assessments (DPIAs)
  • prior consultation with supervisory authorities where required

The Customer remains responsible for responding to such requests and complying with its legal obligations as Data Controller.

12. Data Breach Notification

In the event of a personal data breach affecting data processed by SALVOREN on behalf of the Customer, SALVOREN will notify the Customer without undue delay and, where feasible, within 72 hours after becoming aware of the breach.

The notification will include relevant information necessary for the Customer to meet its legal obligations under GDPR.

13. Data Retention and Deletion

SALVOREN will retain personal data only for as long as necessary to provide the services or comply with legal obligations.

Upon termination of the service agreement and upon request by the Customer, SALVOREN will:

  • delete personal data, or
  • return personal data to the Customer

unless retention of the data is required by applicable law.

14. Audit Rights

The Customer may request reasonable information demonstrating SALVOREN’s compliance with this DPA.

The Customer may also conduct audits or inspections of SALVOREN’s data processing activities relevant to this DPA, subject to the following conditions:

  • reasonable prior notice must be provided
  • audits must be limited to matters relevant to this DPA
  • audits must not disrupt SALVOREN’s operations or compromise system security
  • confidentiality obligations must be respected

SALVOREN may satisfy audit obligations by providing relevant documentation, certifications, or security reports where appropriate.

15. Liability

Each party remains responsible for its own compliance with applicable data protection laws.

SALVOREN’s liability related to data processing is subject to the limitations of liability defined in the Terms of Service.

16. Term and Termination

This DPA remains in force for as long as SALVOREN processes personal data on behalf of the Customer.

Upon termination of the underlying service agreement, this DPA shall automatically terminate once all personal data has been deleted or returned in accordance with this agreement.

17. Governing Law

This DPA is governed by the laws of Sweden.

Any disputes related to this DPA shall be resolved in accordance with the dispute resolution provisions in the Terms of Service.

18. Contact

SALVOREN
Pontus Olsson
Email: [email protected]

© 2026 SALVOREN — All rights reserved