Data Processing Agreement (DPA)
Effective Date: 1 December 2025
Last Updated: 1 December 2025
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Customer ("Controller") and 4Viso BV ("Processor"). It ensures compliance with Article 28 of the EU General Data Protection Regulation ("GDPR").
1. Parties
Processor: 4Viso BV
Science Park Antwerp, Galileilaan 15, 2845 Niel, Belgium
📧 info@4viso.com
Controller: The organization using the 4Viso Platform under the Terms of Service.
2. Purpose
4Viso processes personal data on behalf of the Controller solely to provide the 4Viso Platform and related SaaS services, in compliance with the Controller’s instructions and GDPR requirements.
3. Processing Details
| Subject Matter | Use of the 4Viso Platform and related services |
|---|---|
| Duration | For the duration of the subscription or contractual relationship |
| Nature & Purpose | Hosting, processing, and analysis of logistics, risk, and audit data |
| Types of Personal Data | Names, emails, organization data, audit metadata, credentials |
| Categories of Data Subjects | Employees, contractors, and clients of the Controller |
4. Processor Obligations
- Process Personal Data only under the Controller’s documented instructions.
- Ensure personnel with access are under confidentiality obligations.
- Implement appropriate security measures (Article 32 GDPR).
- Notify the Controller promptly of any Personal Data Breach.
- Assist with Data Subject requests and regulatory compliance.
- Delete or return Personal Data at the end of service unless legally required to retain it.
5. Controller Obligations
- Ensure lawful data collection and processing.
- Set and manage access permissions in the 4Viso Platform.
- Provide lawful instructions and ensure compliance with privacy laws.
6. Sub-Processing
4Viso may engage trusted Sub-Processors (e.g., cloud hosting, analytics, payment providers) under written agreements ensuring GDPR compliance. A current list of Sub-Processors is available upon request. 4Viso remains responsible for their performance.
7. International Data Transfers
Any transfer of Personal Data outside the EEA is secured using EU Standard Contractual Clauses (SCCs) or other lawful mechanisms recognized by the European Commission.
8. Security Measures
4Viso implements organizational and technical safeguards including encryption, access controls, secure EU-based hosting, audit logs, and regular penetration testing. Security documentation is available upon request.
9. Data Breach Notification
4Viso will notify the Controller of any data breach without undue delay (within 48 hours when feasible) and provide details about the nature, impact, and mitigation steps.
10. Audit Rights
The Controller may audit 4Viso’s compliance with this DPA once annually upon reasonable notice. 4Viso may fulfill this right by providing independent audit certifications (e.g., ISO 27001, SOC 2).
11. Liability
Each Party's liability is limited as defined in the 4Viso Terms of Service, except where otherwise required by law.
12. Governing Law & Arbitration
This DPA is governed by Belgian law. Disputes shall be resolved through arbitration in Antwerp, Belgium, in accordance with the rules of CEPANI. The arbitral decision is final and binding.
13. Termination
This DPA remains effective for as long as 4Viso processes Personal Data for the Controller. Upon termination of services, 4Viso will securely delete or return all data in accordance with the Controller’s request.
14. Execution
This DPA forms an integral part of the 4Viso Terms of Service. A countersigned copy can be provided to enterprise customers upon request.