ProAudit — Data Processing Addendum (DPA)

Effective date: May 20, 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between the customer (“Customer”, “Controller”) and JEDITOOLS DOO (“Processor”, “JEDITOOLS”, “we”, “us”) for the provision of ProAudit where Customer is a business or other organization and we process Personal Data on Customer’s behalf.

Capitalized terms not defined here have the meanings in the Terms or in applicable Data Protection Laws, including the GDPR and UK GDPR where applicable.

1. Subject Matter and Duration

We process Personal Data on behalf of Customer for the purpose of providing the Service, including order handling, report generation, delivery, support, security and maintenance. This DPA applies for the duration of the agreement and until deletion or return of Personal Data in accordance with Section 10.

2. Nature and Purpose of Processing

Processing includes hosting, storage, transmission, analysis, AI-assisted generation, formatting, display, email delivery, logging, monitoring, support, security and other processing necessary to provide and maintain the Service.

3. Categories of Data and Data Subjects

  • Data subjects: Customer users, order submitters, employees or contractors, support contacts and any individuals whose data Customer chooses to include in submitted idea content.
  • Categories of data: email addresses, order metadata, technical data, idea content, report content, support communications, logs, IP addresses and payment metadata.
  • Special categories: Customer should not submit special category data or highly sensitive data unless strictly necessary and lawful.

4. Roles and Instructions

Customer is the Controller and JEDITOOLS is the Processor for Personal Data processed on Customer’s behalf. We will process Personal Data only on documented instructions from Customer, including through the Terms, order flow, this DPA and Customer’s use of the Service, unless required by law.

5. Confidentiality

We ensure persons authorized to process Personal Data are subject to appropriate confidentiality obligations.

6. Security Measures

We implement appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including encryption in transit, access controls, least-privilege access, backups, logging, monitoring and vendor security controls.

7. Sub-processors

Customer authorizes our use of the sub-processors listed on the Sub-processors page, as updated from time to time. We will impose data protection terms on sub-processors that provide appropriate protection for Personal Data. Where required, we will provide at least 30 days’ notice before adding or replacing a sub-processor, and Customer may object on reasonable data-protection grounds within that period.

8. Assistance to Controller

Taking into account the nature of processing, we will reasonably assist Customer with responding to data subject requests and with compliance obligations relating to security, breach notification, data protection impact assessments and prior consultation, where applicable and reasonably possible.

9. Personal Data Breach

We will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data processed on Customer’s behalf and provide information reasonably required for Customer to meet its breach notification obligations.

10. Deletion or Return

Upon termination of the agreement or upon valid request, at Customer’s choice and subject to technical feasibility, we will delete or return Personal Data and delete existing copies within a reasonable period, typically within 90 days, unless retention is required by law or for payment records, fraud prevention, backups, legal holds or the establishment, exercise or defense of legal claims.

11. Audits

We will make available information reasonably necessary to demonstrate compliance with this DPA and allow for audits by Customer or an auditor mandated by Customer, subject to reasonable confidentiality, security, scope, frequency and notice limitations.

12. International Transfers

Where we transfer Personal Data outside the EEA/UK without an adequacy decision, we will rely on appropriate safeguards such as EU Standard Contractual Clauses, the UK International Data Transfer Addendum or equivalent transfer mechanisms where required.

13. Liability and Precedence

Each party’s liability under this DPA is subject to the limitations and exclusions in the Terms. In case of conflict between this DPA and the Terms, this DPA prevails with respect to data protection matters.

14. Governing Law and Jurisdiction

This DPA is governed by the laws of England and Wales, and the courts of England and Wales have exclusive jurisdiction, except where mandatory law provides otherwise.

15. Processor Identity and Contact

Processor: JEDITOOLS DOO (Reg. No. 51026004)
Registered address: UL. 4. JULA BB, BLOK 35-36, Podgorica, Montenegro (Crna Gora)
Websites: https://proaudit.me, https://app.proaudit.me
Data protection contact: legal@proaudit.me