Awarely
AwarelyMonitor

Data Processing Agreement

Last Updated: July 12, 2026Effective Date: July 26, 2026

This standard Data Processing Agreement ("DPA") applies to Awarely Monitor business customers where AWARELY processes personal data on behalf of the customer as processor under GDPR. It is intended for organization customers, especially those contracting directly with Awarely under manual-invoice arrangements. This web version is a standard template and is not accepted by click-through in the app; a separately executed copy controls the processor relationship for the relevant customer.

1. Parties, Scope, and Precedence

Customer as controllerThe organization customer acts as controller for customer personal data submitted to or generated through its use of the Service, to the extent GDPR allocates that role to the customer.
Awarely as processorMUNTEANU C. D. MIHAI PERSOANĂ FIZICĂ AUTORIZATĂ trading as AWARELY acts as processor for the customer data described in this DPA when providing the Service to the customer.
Separate controller activitiesAwarely remains an independent controller for its own account administration, authentication, security logging, fraud prevention, direct billing/accounting records, legal compliance, and website/app operations that are outside processor instructions.
PrecedenceIf there is a conflict between this DPA and the general Terms or commercial documents regarding processor-side data protection obligations, this signed DPA prevails for that customer relationship.

2. Subject Matter, Duration, and Processing Details

Subject matterProvision of the Awarely Monitor vulnerability monitoring service, including account administration, alert configuration, team management, audit history, export features, support, and related service operations.
DurationProcessing continues for the duration of the customer contract and for any limited post-termination period required for secure deletion, return, legal retention, or backup lifecycle management.
Nature and purposeHosting, storage, organization, retrieval, alert delivery, support handling, security monitoring, and other processing necessary to provide the Service on the customer's behalf.
Data subjects and dataTypically customer users, team members, administrators, and support contacts. Data may include account identifiers, email addresses, alert settings, invite/contact details, audit and usage records, and support messages. Awarely’s direct billing and accounting records are processed in Awarely’s separate controller role and are not customer-processor data to that extent.

3. Instructions, Confidentiality, and Assistance

Documented instructionsAwarely processes customer data only on documented instructions from the customer, including the signed contract, applicable order/invoice documents, in-product configuration chosen by authorized users, and lawful customer support requests.
Unlawful instructionsAwarely will inform the customer if, in its opinion, an instruction infringes applicable data-protection law, unless applicable law prohibits that notice.
ConfidentialityAwarely ensures that persons authorized to process customer data are bound by confidentiality obligations.
Data subject requestsAwarely will reasonably assist the customer with access, rectification, deletion, restriction, portability, objection, and similar requests, taking into account the nature of processing and information available to Awarely.
Incidents and DPIAsAwarely will reasonably assist with security incident information, supervisory authority inquiries, DPIAs, and prior consultations where GDPR requires such assistance and where the information is available to Awarely.
Personal-data breachesWhere Awarely becomes aware of a personal-data breach affecting customer personal data processed under this DPA, Awarely will notify the customer without undue delay and provide information available to Awarely so that the customer can assess and meet its GDPR obligations. This statutory assistance is not a commercial support SLA.

4. Security Measures and Audit Information

Security baselineAwarely implements technical and organizational measures appropriate to the Service, including access controls, transport security, role separation, logging, monitoring, and vendor-managed cloud security capabilities proportionate to the Service environment.
Authentication and infrastructureThe Service uses AWS-hosted infrastructure, including Cognito for authentication and related AWS services for storage and processing. Primary deployment for this environment is in the EU region used by the Service.
Audit informationAwarely will provide reasonable information necessary to demonstrate compliance with this DPA. Any audit or information right is subject to reasonable notice, confidentiality, scope, security safeguards, and operational limits.
No unrestricted audit rightThis standard DPA does not grant unlimited on-site inspection rights; requests must be proportionate, security-safe, and not expose other customers or confidential system details.

5. Subprocessors and International Transfers

General written authorisationThe customer gives general written authorisation for Awarely to use subprocessors necessary to deliver the Service, including AWS services and Cognito for hosting and authentication. Cookiebot and Google Analytics are used for Awarely's own site/app operation where relevant, not as universal subprocessors for every customer workflow.
Subprocessor safeguardsAwarely requires subprocessors to provide appropriate data protection commitments consistent with applicable GDPR requirements.
Changes and objectionsFor an intended material new subprocessor that processes customer personal data, Awarely will give the customer’s nominated DPA contact advance notice where required by applicable law, so the customer can raise a reasonable data-protection objection. If the parties cannot resolve a valid objection, the customer may terminate the affected Service portion in accordance with the customer contract. The customer must keep its DPA contact information current.
Customer-configured destinationsWhere the customer configures browser-push delivery, Slack, Microsoft Teams, Jira, Linear, or a generic webhook destination, the customer instructs Awarely to transmit the configured content to that destination. The customer is responsible for the destination, its users, and its privacy/security settings; the destination is not made an Awarely subprocessor solely because the customer enabled it.
International transfersThe Service is configured for primary application processing in the EU (eu-central-1). Customer-configured destinations and providers can process data under their own service arrangements. Where a transfer outside the EU/EEA is applicable to processor-side customer data, Awarely relies on an appropriate GDPR Chapter V safeguard, such as an adequacy decision or Standard Contractual Clauses, as applicable.
Current subprocessor informationCustomers may request current subprocessor information relevant to their use case and deployment.

6. Deletion, Return, and Annexes

Deletion or returnAt termination and at the customer’s documented choice, Awarely will delete or return customer data under its processor role, unless applicable law requires retention or secure operational copies persist temporarily in backups or logs. The customer should request any needed export before ending access; the currently available self-service export has documented security exclusions and record limits.
Retention carve-outsController-side records that Awarely must keep for tax, accounting, fraud prevention, legal defense, or security purposes are outside the processor deletion obligation to that extent.
Annex AProcessing details, data categories, and data subjects are summarized in this page and form part of the standard DPA package.
Annex BTechnical and organizational measures are described at a summary level here and may be supplemented with reasonable additional information on request for business customers.

7. Execution and Contact

This standard DPA is available for organization customers and is executed by separate signature or email confirmation, not through in-app click acceptance.

MUNTEANU C. D. MIHAI PERSOANĂ FIZICĂ AUTORIZATĂ

Trading as: AWARELY

CUI: 53962936 · VIES: RO54197611

București, Sector 1, Bulevardul Bucureștii Noi, Nr. 136, Cod poștal 012366

monitor@awarely.ro

https://monitor.awarely.ro

For DPA requests or execution, contact monitor@awarely.ro and identify your organization, contracting model, and billing path.

For the general contract terms, see our Terms and Conditions.

For controller-side privacy details, see our Privacy Policy.