Data Processing Agreement (DPA)

This Data Processing Agreement (the “DPA”) forms part of the Terms of Service (the “Terms”) between the Customer and TR Automatyka sp. z. o. o. (the “Processor”), and governs the Processor’s processing of personal data on behalf of the Customer (the “Controller”).

1. Subject Matter and Duration

The Processor will process personal data solely for the purpose of providing the services described in the Terms, for the duration of the Customer’s use of the services, and as otherwise required by law.

2. Nature and Purpose of Processing

Processing includes collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, and deletion, as necessary to deliver, maintain, secure, and improve the services (including the website chatbot).

3. Categories of Data and Data Subjects

Categories of data typically include: account/contact data, conversation content, technical and usage data, uploads, and support communications.

Data subjects may include the Customer’s personnel, end users, website visitors, and other individuals whose data is submitted via the services.

4. Processor Obligations

• Process personal data only on documented instructions from the Controller.
• Ensure personnel are bound by confidentiality obligations.
• Implement appropriate technical and organizational measures for security.
• Assist the Controller with data subject requests and compliance obligations, taking into account the nature of processing.
• Notify the Controller without undue delay after becoming aware of a personal data breach.
• Delete or return personal data at the end of the provision of services, subject to legal obligations.
• Make available information necessary to demonstrate compliance and allow for audits, as permitted by law and subject to confidentiality.

5. Subprocessing

The Controller authorizes the use of subprocessors for service delivery. The Processor shall impose data protection obligations on subprocessors that are at least as protective as those set out in this DPA.

The current list of approved subprocessors is maintained at /subprocessors. The Processor will notify the Controller of material changes as required by applicable law.

6. International Transfers

Where personal data is transferred outside its originating jurisdiction, the Processor will ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place, and will provide details upon request.

7. Security Measures

The Processor maintains measures such as encryption in transit, access controls, least-privilege access, monitoring, and vendor due diligence, appropriate to the risk.

8. Data Subject Requests and Cooperation

Taking into account the nature of processing, the Processor will assist the Controller in responding to requests to exercise data subject rights and to comply with security, breach notification, impact assessments, and consultations with authorities.

9. Contact

• Email: hello@luzarn.com
• Address: 02-156 Warsaw, Poland, Lechicka 14

Effective Date: 13.10.2025 • Version: 1.0

For a countersigned DPA (if required by your compliance process), please contact us at the email above.