This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Saga ERP (“Processor,” “we,” “our,” or “us”) and the customer using the Saga ERP platform (“Controller,” “Customer,” or “you”). This agreement governs the processing of personal data by Saga ERP on behalf of the Customer in connection with the use of the Saga ERP Software-as-a-Service (SaaS) platform.

1. Definitions

For the purposes of this Agreement:

Personal Data means any information relating to an identified or identifiable individual that is processed through the Saga ERP platform.

Processing means any operation performed on personal data, including collection, storage, organization, use, disclosure, or deletion.

Controller refers to the Customer who determines the purposes and means of processing personal data.

Processor refers to Saga ERP, which processes personal data on behalf of the Customer.

2. Scope of Processing

Saga ERP will process personal data only to the extent necessary to provide the Service to the Customer, including:

Hosting and maintaining the Saga ERP platform

Processing business operations data submitted by the Customer

Providing technical support and maintenance

Ensuring security and system performance

Saga ERP does not use Customer Data for advertising, profiling, or unrelated commercial purposes.

3. Categories of Data Subjects

Depending on how the Service is used, personal data may relate to:

Customer employees or staff members

Clients or customers of the Customer

Vendors, suppliers, or contractors

Business partners

Authorized users of the Saga ERP platform

4. Categories of Personal Data

The types of personal data processed may include:

Names and identification details

Email addresses and contact information

Employment or organizational information

Billing and transaction data

Customer relationship management (CRM) records

Business operational data entered into the system

The Customer determines which categories of personal data are stored within the platform.

5. Customer Responsibilities

The Customer agrees to:

Ensure that personal data is collected and processed lawfully

Provide appropriate privacy notices to data subjects where required

Obtain any necessary consent or legal basis for processing

Ensure that data uploaded to the Saga ERP platform does not violate applicable laws or regulations

Saga ERP is not responsible for verifying the legality of the data submitted by the Customer.

6. Processor Obligations

Saga ERP agrees to:

Process personal data only according to the Customer’s documented instructions

Maintain confidentiality regarding personal data processed on behalf of the Customer

Implement appropriate security measures to protect personal data

Ensure that personnel with access to personal data are subject to confidentiality obligations

Notify the Customer in the event of a confirmed personal data breach

7. Technical and Organizational Security Measures

Saga ERP implements security measures designed to protect personal data, which may include:

Encrypted data transmission (HTTPS/TLS)

Secure cloud infrastructure and firewalls

Role-based access controls

Authentication and account security mechanisms

System monitoring and logging

Regular security updates and vulnerability management

These measures are periodically reviewed and improved as part of Saga ERP’s security practices.

8. Subprocessors

Saga ERP may engage third-party service providers (“Subprocessors”) to assist in providing the Service, including:

Cloud hosting providers

Payment processing services

Analytics and infrastructure services

Saga ERP ensures that any subprocessors are bound by contractual obligations that provide an equivalent level of data protection as outlined in this Agreement.

Saga ERP remains responsible for the performance of its subprocessors.

9. International Data Transfers

If personal data is transferred or stored outside the Customer’s jurisdiction, Saga ERP will take appropriate safeguards to ensure that such transfers comply with applicable data protection laws.

10. Data Subject Requests

Where reasonably possible, Saga ERP will assist the Customer in responding to requests from data subjects exercising their rights, which may include:

Access to personal data

Correction of inaccurate information

Deletion requests

Data portability requests

Restrictions on processing

The Customer remains responsible for responding to such requests.

11. Data Breach Notification

In the event of a confirmed personal data breach affecting Customer Data, Saga ERP will:

Notify the Customer without undue delay

Provide information about the nature and scope of the breach

Take reasonable steps to mitigate the impact and prevent recurrence

12. Data Retention and Deletion

Saga ERP will retain personal data only for as long as necessary to provide the Service or comply with legal obligations.

Upon termination of the Service or upon written request from the Customer:

Personal data may be returned to the Customer where technically feasible

Remaining personal data will be securely deleted within a reasonable period, unless retention is required by law

13. Audits and Compliance

Upon reasonable request and subject to confidentiality obligations, Saga ERP may provide information necessary to demonstrate compliance with this Agreement and applicable data protection laws.

Any audits must be conducted in a manner that does not disrupt normal operations or compromise the security of other customers.

14. Liability

Each party’s liability under this DPA shall be subject to the limitations of liability set forth in the Saga ERP Terms of Service.

15. Updates to This Agreement

Saga ERP may update this Data Processing Agreement from time to time to reflect legal, technical, or operational changes. Updated versions will be posted on the website with a revised effective date.

16. Contact Information

If you have any questions about this Data Processing Agreement or Saga ERP’s data protection practices, please contact: