Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") and its annexes, including links, govern the Processing of Personal Data by OneMore Secure, 559389-1764 ("OMS"), a company incorporated under the laws of Sweden, acting as the "Processor."
This Agreement is made in accordance with the requirements set out under the General Data Protection Regulation (EU 2016/679) ("GDPR") and outlines the terms and conditions under which OMS will process Personal Data on behalf of the Controller.
1. Definitions
The following terms shall have the meanings assigned to them under GDPR:
1.1 "Personal Data": Any information relating to an identified or identifiable natural person ("Data Subject"), including names, email addresses, and phone numbers of the Controller's representatives.
1.2 "Processing": Any operation performed on Personal Data, including collection, storage, access, use, and deletion.
1.3 "Controller": The entity determining the purposes and means of Processing Personal Data.
1.4 "Processor": OMS, acting on behalf of the Controller in Processing Personal Data.
1.5 "Sub-Processor": Any third party engaged by OMS to Process Personal Data.
1.6 "Technical and Organizational Measures (TOMs)": Measures implemented to ensure the protection of Personal Data, as further outlined in Appendix 1.
2. Purpose and Scope of Processing
2.1 OMS will Process Personal Data solely for the purposes of delivering products and services as specified in the primary agreement between the parties.
2.2 OMS shall not Process Personal Data for any purpose other than those explicitly agreed upon, except where required by law.
3. Categories of Personal Data and Data Subjects
3.1 OMS will Process the following types of Personal Data:
- Names of administrators.
- Email addresses.
- IP addresses.
3.2 The categories of Data Subjects include representatives and employees of the Controller.
4. Data Location and Transfers
4.1 OMS ensures that all data is stored within the EU/EEA.
4.2 OMS uses Microsoft Azure with physical servers located in Sweden.
4.3 Data will not be transferred outside the EU/EEA.
5. Technical and Organizational Measures
OMS implements appropriate Technical and Organizational Measures to ensure a level of security appropriate to the risk, as outlined in Appendix 1. These include, but are not limited to:
- Multifactor Authentication (MFA) for all services.
- Encryption (SHA256, AES256, TLS 1.2 as a minimum).
- Incident management procedures.
- Regular privacy and security training for all personnel.
6. Sub-Processors
6.1 OMS engages the following Sub-Processors:
- Microsoft Corporation (cloud hosting).
- Websearch Sverige AB (development).
- Intuit France SAS, represented by Mailchimp (sending e-mails).
- True Value Software AB (issuance of certificates).
6.2 OMS shall ensure that any Sub-Processor complies with terms equivalent to those in this Agreement.
7. Obligations of OMS
OMS commits to:
- Processing Personal Data only under the documented instructions of the Controller.
- Ensuring that personnel authorized to Process Personal Data are subject to confidentiality obligations.
- Implementing and maintaining appropriate TOMs.
- Assisting the Controller in fulfilling Data Subject Rights requests and GDPR obligations, where applicable.
- Notifying the Controller promptly in the event of a Personal Data Breach.
8. Data Retention and Deletion
OMS will retain Personal Data only for the duration necessary to fulfill the contractual obligations unless required by applicable laws. Upon termination of the Agreement, OMS will securely delete all Personal Data unless prohibited by national law.
9. Data Subject Rights
OMS will assist the Controller in responding to requests from Data Subjects in accordance with GDPR, including rights of access, rectification, erasure, and data portability.
10. Audits and Inspections
OMS allows the Controller to conduct one (1) free audit or inspection per year. Additional audits may incur administrative fees, subject to prior agreement.
11. Incident Management
OMS has procedures in place to detect, respond to, and mitigate Personal Data Breaches. OMS shall notify the Controller without undue delay upon becoming aware of a Breach.
12. Annual Assessments
OMS conducts regular impact and transfer assessments to ensure compliance with GDPR and other applicable laws.
13. Indemnity
OMS shall not be held liable for penalties, damages, or other costs incurred due to the Controller's failure to comply with its own GDPR obligations.
14. Governing Law and Jurisdiction
This Agreement shall be governed by the laws of Sweden. Any disputes arising under this Agreement shall be subject to the exclusive jurisdiction of the courts in Stockholm, Sweden.
Appendix 1: Technical and Organizational Measures (TOMs)
OMS employs the following safeguards:
Access Controls:
- Multifactor Authentication (MFA).
- Role-based access control (RBAC).
Encryption:
- SHA256 and AES256 for data at rest.
- TLS 1.2 for data in transit.
Incident Management:
- Defined procedures for breach detection, response, and notification.
Training:
- Regular staff training on data protection.
Data Minimization:
- Limitation of collected data to what is necessary for the agreed purposes.
For more information about our security, see our security measures.
How to contact us
Feel free to contact us if you have any questions about our DPA.
Email: support@onemoresecure.com
For further contact details, visit our website: www.onemoresecure.com
This DPA was last updated 2025-01-22.