# Data Processing Agreement

## Overview

This standard Data Processing Agreement (DPA) governs the processing of personal data by Eli on behalf of enterprise customers, ensuring compliance with GDPR Article 28 and other applicable privacy laws.

## When You Need a DPA

**Enterprise customers** typically require a formal DPA for:

* Processing employee personal data (names, emails, engagement activities)
* Compliance with internal privacy policies
* Regulatory audit requirements
* Legal department due diligence

**Small to medium customers** are covered by data protection clauses in our standard Terms of Service.

## Key DPA Elements

#### Data Processing Details

**Subject Matter:** Employee engagement platform services\
**Duration:** Length of service agreement\
**Nature of Processing:** Collection, storage, analysis of employee engagement data\
**Purpose:** Workplace wellbeing and engagement improvement

#### Data Categories

**Personal Data Types:**

* Employee names and email addresses
* Engagement scores and activity participation
* Social posts and interactions
* Device and usage information

**Data Subject Categories:**

* Organization employees and participants
* Administrative users (HR, managers)

**Security & Compliance**

**Technical Measures:**

* Encryption in transit and at rest
* Access controls and authentication
* Regular security monitoring
* Secure data centers

**Organizational Measures:**

* Staff privacy training
* Confidentiality agreements
* Incident response procedures
* Regular compliance reviews

**Sub-Processors**

We maintain a list of sub-processors in our [Who We Work With](/confidentialite-et-securite-en/service-overview/who-we-work-with.md) documentation. Key sub-processors include:

* Cloud hosting providers
* Authentication services
* Email delivery services

**Sub-processor Changes:** Customers will be notified of any sub-processor changes with advance notice and opportunity to object as required by applicable privacy laws.

**Data Subject Rights**

We assist customers in responding to data subject requests by:

* Providing data export capabilities
* Enabling data correction through admin tools
* Supporting data deletion requests
* **Response commitment:** Within 48 hours of customer request

**International Transfers**

For transfers outside the EU/EEA:

* **Adequate countries:** Direct transfers (UK, Canada, Japan, South Korea)
* **Non-adequate countries:** Standard Contractual Clauses when required
* **Technical safeguards:** Encryption for all international data flows

**Data Return & Deletion**

**At contract termination:**

* Customer data export available for 30 days
* Complete data deletion within 60 days
* Deletion confirmation provided upon request

### How to Execute a DPA <a href="#how-to-execute-a-dpa" id="how-to-execute-a-dpa"></a>

**For New Customers**

1. **Request during procurement** - Let us know you need a DPA when requesting proposals
2. **Review and customize** - We'll create a DPA based on your requirements
3. **Execute alongside service agreement** - Both documents signed together

**For Existing Customers**

1. **Contact our team** - Email <dpo@eliapp.io>​
2. **Review requirements** - We assess your specific needs
3. **Provide executed DPA** - Typically within 5 business days

### DPA Template <a href="#dpa-template" id="dpa-template"></a>

**Ready to proceed?** Contact <dpo@eliapp.io> to discuss DPA requirements and creation for your organization.**Languages Available:** English, French

***

**For DPA requests and data processing questions, contact:** <dpo@eli.app>​

**Last Updated:** March 2026


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.eliapp.io/confidentialite-et-securite-en/data-privacy/data-processing-agreement.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.