Data Processing Agreement

Unylo – Data Processing Agreement

Unylo

Cloud CRM • Partner Portal • Direct Sales Portal

Last updated: 18 December 2025 Document: Data Processing Agreement

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of and is incorporated into the Unylo Terms of Service (the “Agreement”), entered into between CK Software Group Ltd. (“Processor”, “Unylo”, “we”) and the customer entity subscribing to or using the Unylo Platform (the “Controller”, “Customer”).

Scope: This DPA applies where Unylo processes Personal Data on the Customer's behalf in the course of providing the Services.
Contact data protection Jump to sections

1. Definitions

Capitalised terms not defined in this DPA have the meaning given in the Terms of Service.

“Data Protection Laws” means all applicable data protection and privacy laws, including:

  • UK GDPR
  • EU GDPR (where applicable)
  • Data Protection Act 2018

“Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, and “Personal Data Breach” have the meanings given in the Data Protection Laws.

2. Roles of the Parties

2.1 The Customer acts as the Data Controller in respect of Personal Data processed on the Unylo Platform.

2.2 Unylo acts as a Data Processor, processing Personal Data only on documented instructions from the Customer.

2.3 Each party shall comply with its obligations under Data Protection Laws.

2.4 Personal data processing is further described in the Unylo Privacy Policy.

3. Scope of Processing

3.1 Subject Matter

Provision of the Unylo cloud-based customer relationship management, partner and distributor management, and sales enablement platform.

3.2 Duration

For the duration of the Customer’s subscription and any applicable data retention period.

3.3 Nature and Purpose

Processing necessary to:

  • Provide and operate the Platform
  • Enable customer configuration and use
  • Provide support and maintenance
  • Ensure platform security and performance

3.4 Categories of Data Subjects

  • Customer employees and authorised users
  • Partners, distributors, and resellers
  • Leads, prospects, and business contacts
  • End-customers and buyers (as entered by the Customer)

3.5 Categories of Personal Data

  • Names, email addresses, job titles
  • Business contact details
  • CRM records and interaction history
  • Sales, pipeline, and account metadata
  • User account and access credentials

4. Processor Obligations

Unylo shall:

4.1 Process Personal Data only in accordance with documented instructions from the Customer, unless required by law.

4.2 Ensure that persons authorised to process Personal Data are subject to confidentiality obligations.

4.3 Security Measures

Implement appropriate technical and organisational measures to protect Personal Data, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Logical tenant isolation
  • Regular security monitoring and backups

4.4 Assistance

Assist the Customer, taking into account the nature of the processing, with:

  • Data subject rights requests
  • Security obligations
  • Data protection impact assessments (where reasonably required)

5. Sub-Processors

5.1 The Customer authorises Unylo to engage Sub-Processors.

5.2 Current Sub-Processors include (but are not limited to):

  • Microsoft Azure (cloud infrastructure and hosting)
  • Stripe (payment processing)
  • Support and monitoring service providers

5.3 Unylo shall:

  • Impose data protection obligations on Sub-Processors equivalent to those in this DPA
  • Remain responsible for Sub-Processor performance

5.4 Unylo may update Sub-Processors from time to time. Material changes will be made available upon request.

6. International Data Transfers

6.1 Personal Data is primarily processed within the UK and EEA.

6.2 Where Personal Data is transferred outside the UK/EEA, Unylo ensures appropriate safeguards, including:

  • Adequacy decisions, or
  • Standard Contractual Clauses (SCCs)

7. Data Subject Rights

7.1 The Customer is responsible for responding to Data Subject requests.

7.2 Unylo shall provide reasonable assistance to enable the Customer to fulfil such requests.

8. Personal Data Breaches

8.1 Unylo shall notify the Customer without undue delay upon becoming aware of a Personal Data Breach.

8.2 Notification shall include:

  • Nature of the breach (where known)
  • Categories and approximate number of affected data subjects
  • Mitigation steps taken or proposed

9. Data Deletion and Return

9.1 Upon termination or expiry of the Services:

  • Personal Data will be retained for a limited period in line with Unylo’s data retention policies
  • The Customer is responsible for exporting data before expiry
  • Personal Data will be securely deleted thereafter unless retention is required by law

10. Audits

10.1 The Customer may request reasonable information to demonstrate compliance with this DPA.

10.2 Audits shall:

  • Be limited to once per year
  • Be subject to reasonable notice
  • Not unreasonably disrupt operations
  • Be conducted at the Customer’s cost

11. Liability

11.1 Liability under this DPA is subject to the limitations set out in the Terms of Service.

11.2 Nothing in this DPA limits liability where prohibited by Data Protection Laws.

12. Governing Law

This DPA is governed by the laws of England and Wales.

13. Contact

For data protection matters:
📧 legal@unylo.com

© CK Software Group Ltd. – Unylo. All rights reserved.

Unylo Data Processing Agreement Last updated: 18 December 2025

Let us improve your business!

By centralising customer data, Unylo enables businesses to offer personalised experiences, fostering stronger relationships and improving customer satisfaction.

Contact Us