Public calendarPricingInstallSearch
Start free

Data processing agreement

Data Processing Agreement (DPA) for organisation customers

Versiune 1.0·Updated July 7, 2026

On this page

  • 01Scope & roles
  • 02Documented instructions
  • 03Confidentiality
  • 04Security measures
  • 05Sub-processors
  • 06Data-subject assistance
  • 07Breach notification
  • 08Deletion on termination
  • 09Audit & information
  • 10Processing boundary
  • 11Governing law
  • 12Contact

This Data Processing Agreement ("DPA") applies when you use procese.online on behalf of an organisation — a law firm, a legal department, a company — and your team monitors cases through the service. It is an integral part of the Terms of Service: accepting the terms when creating an account includes this agreement, with no separate signature required.

The Romanian-language version of this agreement is the legally binding version. This English translation is provided for convenience.

1. Scope and roles

For the personal data your organisation brings into the service — the cases you choose to monitor, the names you search in by-name search, the members you invite into workspaces — your organisation is the controller under the GDPR, and Parma Digital SRL (VAT RO42128910) acts as processor, under Art. 28 of Regulation (EU) 2016/679.

Where Parma Digital SRL remains an independent controller:

  • your account data — the sign-in email, sessions, preferences, billing history — which we process in our own name, as described in the Privacy Policy;
  • the public court-data corpus — the case, hearing and court data collected from portal.just.ro and instante.justice.md, which we collect independently of any customer's instructions, based on the legal publicity of that data.

2. Documented instructions

We process the data you bring exclusively on your documented instructions — the instruction is your use of the service's features: you add a case, we monitor it; you invite a colleague, we grant them access; you delete a case or the account, we delete the data. We do not use the data you bring for any other purpose and we never sell it.

3. Confidentiality

Access to data processed on your behalf is limited to the people who need it to operate the service, bound to confidentiality by contract. The technical infrastructure is operated by Bookarest Digital SRL (Romania) as a sub-processor, under the same obligations.

4. Security measures

Under GDPR Art. 32, the service applies at least:

  • encryption in transit (TLS) on all public connections;
  • passwordless authentication via expiring magic links;
  • a dedicated installation — procese.online data is never mixed with other products;
  • server access exclusively via SSH keys, ports closed by default;
  • daily backups on three layers, one copy kept outside the primary hosting provider, within the European Union;
  • card data never reaches us — it is processed exclusively by Revolut.

5. Sub-processors

You grant us general authorisation to use the sub-processors below. The list is the same as in the Privacy Policy; all are bound by contracts with GDPR clauses and, where applicable, Standard Contractual Clauses for international transfers.

  • Bookarest Digital SRL (Romania) — technical platform (authentication, messaging, sync).
  • Hetzner Online GmbH (Germany, Falkenstein) — servers and compute infrastructure.
  • Cloudflare, Inc. (USA, with EU presence) — DNS, CDN, DDoS protection, edge computing and off-site backup storage (EU jurisdiction).
  • Sygnal (push-notification broker) — relay between the platform and the Apple / Google systems.
  • Apple Push Notification Service (APNS) (Apple Inc., USA) — push delivery on iOS devices.
  • Google Firebase Cloud Messaging (FCM) (Google LLC, USA) — push delivery on Android devices.
  • Resend (USA) — transactional email delivery (magic links, confirmations, invoices).
  • Revolut Business (UK / EU) — payment processing.

Any change to this list is announced at least 30 days in advance, by email to active accounts and in the app — during which you may object or close the account without penalty.

6. Assistance with data-subject rights

If a data subject exercises their GDPR rights (access, rectification, erasure, portability, objection) directly with your organisation, we assist you with the information and technical operations needed — normally within 10 working days of the request, at contact@procese.online.

7. Breach notification

If a security breach affects data processed on your behalf, we notify youwithout undue delay after becoming aware of it, with the information you need for your own notification to the authority (GDPR Art. 33): the nature of the breach, the categories and approximate number of people affected, and the measures taken.

8. Deletion or return on termination

On account deletion or contract termination, the data your organisation brought is deleted per the retention periods in the Privacy Policy — except what the law obliges us to keep (e.g. invoices, 10 years, Romanian Fiscal Code). Before deletion you can export your monitored data from the app. The public court-data corpus is not deleted — it exists independently of your account.

9. Audit and information

We make available the information needed to demonstrate Art. 28 compliance — this page, the privacy policy, the sub-processor list and, on written request, reasonable detail about security measures. On-site audits are arranged on justified written request, at the customer's cost, without endangering the security of other customers.

10. Processing boundary — criminal-offence data

Criminal-offence data is excluded from the service. We do not display or process on any customer's behalf personal data relating to criminal convictions or offences — party names and the object of a criminal case are shown to no one, and criminal cases are reduced to non-personal information (court, number, matter, stage, hearing dates). This boundary is part of the service and cannot be lifted by customer instruction.

11. Governing law

This agreement follows the law governing the Terms of Service — Romanian law and the GDPR. If this DPA conflicts with the terms, the DPA prevails for data processing.

12. Contact

For any question about this agreement: contact@procese.online. The competent supervisory authority is ANSPDCP (dataprotection.ro); for Moldovan court data, the CNPDCP (datepersonale.md).

procese.online · public case monitoring.
Public calendarMoldova courtsPricingInstallContactTermsPrivacyDPACookiesAccessibility

Public data from portal.just.ro. · Last sync: 7 July 2026

Operated by Parma Digital SRL · VAT RO42128910 · Made in Romania · Contact: contact@procese.online

ANPC – Alternative dispute resolution · EU ODR platform

procese.online does not provide legal advice. · We are not a case-management software for law firms. · We are not affiliated with the Ministry of Justice.