OuViTel Logo OuViTel™
Contact

Data Processing Agreement

Last updated: 5 January 2026

Legal Entity: OuViTel™ is a trademark of Urimata Ltda., São Paulo, Brazil.
OuViTel Interface in Action

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Urimata Ltda. ("Processor") and the Customer ("Controller") for the processing of personal data through the OuViTel™ Cloud Print service.

This DPA applies to B2B customers who process personal data through the Service and is required under GDPR (EU), LGPD (Brazil), and other applicable data protection laws.

2. Definitions

Controller: The Customer who determines the purposes and means of processing personal data.

Processor: Urimata Ltda., who processes personal data on behalf of the Controller.

Personal Data: Any information relating to an identified or identifiable natural person processed through the Service.

Processing: Any operation performed on personal data, including collection, storage, transmission, and deletion.

Subprocessor: Third-party processors engaged by Urimata Ltda. to assist in providing the Service.

3. Scope of Processing

The Processor shall process personal data only for the following purposes:

  • Providing and operating the OuViTel™ Cloud Print service
  • Authenticating users and devices
  • Monitoring service health and performance
  • Providing customer support
  • Complying with legal obligations

Processing is limited to the duration of the customer's subscription and data retention periods specified in the Privacy Policy.

4. Processor Obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure confidentiality of all personnel with access to personal data
  • Implement appropriate technical and organizational security measures
  • Assist the Controller with data subject requests
  • Notify the Controller of personal data breaches without undue delay
  • Assist with data protection impact assessments when required

5. Security Measures

The Processor implements the following security measures:

  • Strong encryption mechanisms designed to protect print data during transmission
  • Optional client-side encryption of print content, depending on customer configuration and service tier
  • Access controls, authentication, and device authorization mechanisms
  • Segregation of customer data and logical access restrictions
  • Incident response and personal data breach notification procedures
  • Subprocessor due diligence and contractual data protection obligations

6. Subprocessors

The Processor engages the following subprocessors for the OuViTel™ Cloud Print service:

  • Railway: Cloud infrastructure, hosting, and Platform as a Service
  • Brevo: Email delivery and notifications
  • Zoho Desk: Support ticket management and customer service
  • Google Workspace: Business email and collaboration tools
  • Stripe: Payment processing and billing

The OuViTel™ marketing website (ouvitel.com) includes a contact form processed by Netlify Forms, which collects personal data (name, email, message) for customer inquiries. Netlify acts as a subprocessor for this website functionality.

The Processor shall notify the Controller of any new subprocessors and provide opportunity to object.

7. International Data Transfers

Personal data may be transferred outside the European Economic Area or Brazil.

Such transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Equivalent safeguards under LGPD for international transfers
  • Processor's commitment to GDPR Chapter V and LGPD Article 33 compliance

8. Data Subject Rights

The Processor shall assist the Controller in fulfilling data subject rights requests, including:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of personal data ("right to be forgotten")
  • Restriction of processing
  • Data portability

Requests must be submitted by the Controller, not individual data subjects.

9. Data Retention

Personal data is retained according to the following schedule:

  • Print job metadata: 90 days after processing
  • Account data: 30 days after account termination
  • Access logs: 90 days for security purposes
  • Support ticket data: Retained as long as necessary for service provision
  • Business email data: Retained according to legal and operational requirements
  • Payment and billing data: Retained for 5 years for tax and legal compliance

Upon termination, the Processor shall securely delete or return all personal data at the Controller's choice.

10. Audits and Inspections

The Controller may request reasonable audit rights to verify compliance with this DPA.

Audits may include:

  • Review of security documentation and policies
  • Third-party audit reports (SOC 2, ISO 27001)
  • On-site inspections with reasonable notice

Audit costs are borne by the Controller unless a material breach of this DPA is found.

11. Liability and Indemnification

Each party's liability under this DPA is subject to the limitations in the Terms of Service.

The Processor shall indemnify the Controller for damages resulting from Processor's material breach of this DPA, to the extent permitted by applicable law.

12. Termination

This DPA terminates automatically when the underlying Terms of Service terminate.

Upon termination, the Processor shall:

  • Cease all processing of personal data
  • Delete or return personal data as instructed
  • Provide written certification of deletion

13. Governing Law

This DPA is governed by the laws of Brazil.

Jurisdiction: São Paulo, Brazil.

Any disputes shall be resolved in the courts of São Paulo, Brazil.

14. Contact

Urimata Ltda.

São Paulo – Brazil

Email: support@ouvitel.com