info@qbri.digital
Tornimäe 5, 10145 Tallinn, Estonia
Sign in
Sign up

Book Appointment

Get Quote

WHATSAPP

0

No products in the cart.

banner

Data Processing Agreement

Last Updated: May 2026 | Effective Date: May 2026
Service Provider: QBRI OÜ (trading as QBRI Digital) · Registration Number: 16230937 | Address: Tornimäe 5, 10145 Tallinn, Estonia
For complete technical and legal details, see our Full DPA (PDF)

Quick Overview

This Data Processing Agreement (“DPA”) outlines how QBRI processes personal data on behalf of clients. As your data processor, QBRI acts under your instructions and maintains strict security, confidentiality, and compliance standards aligned with GDPR, CCPA, LGPD, and other applicable data protection laws.

Acceptance: By signing a Statement of Work, Proposal, Service Order, or other agreement with QBRI, you acknowledge and accept the terms of this DPA.

Key Definitions

  • Client: You — the organization that engages QBRI to provide services and process personal data on your behalf.
  • QBRI: The data processor (us) — responsible for processing personal data only according to your documented instructions.
  • Personal Data: Any information that identifies or could identify a person (name, email, IP address, device ID, location, etc.).
  • Processing: Any action we take with personal data — collection, storage, access, analysis, transmission, or deletion.
  • Data Subject: Any individual whose personal data we process (your customers, employees, end users, etc.).
  • Sub-Processor: Third-party vendors we use to help deliver services (cloud providers, analytics tools, payment processors, etc.).

What Data We Process

The specific data we process depends on your service agreement. QBRI provides services including:

  • IT Consulting & Digital Strategy
  • Web & Mobile Development
  • Digital Marketing & Analytics
  • Technical Support & Infrastructure
  • Cloud Hosting & Management

Personal data categories may include contact information, identification numbers, IP addresses, device information, location data, employment records, financial data, or other categories you specify in your service agreement.

Our Commitments as Your Data Processor

Follow Your Instructions

QBRI processes personal data only as you instruct. We will not use, sell, or disclose your data for any purpose outside our service agreement without your written permission.

Protect Your Data with Advanced Security

We implement industry-leading security measures:

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Multi-factor authentication (MFA) and role-based access for all staff
  • Network Security: Firewalls, intrusion detection, and network segmentation
  • Monitoring: 24/7 logging and monitoring for suspicious activities
  • Patching: Critical security updates applied within 30 days
  • Backups: Regular encrypted backups with secure recovery procedures
  • Staff Training: All personnel receive data protection training and sign confidentiality agreements
  • Audits: Regular internal and external security assessments

Maintain Confidentiality

Only authorized QBRI personnel with a documented need-to-know have access to your data. All staff sign confidentiality agreements that survive their employment.

Assist with Data Subject Rights

When your customers or employees request access to their data, ask for corrections, or request deletion, we’ll assist you within 15 business days. We support all GDPR rights including:

  • Right of Access — provide copies of personal data
  • Right to Correction — update or fix inaccurate data
  • Right to Erasure — delete data (where legally permitted)
  • Right to Restrict Processing — limit how we use data
  • Right to Data Portability — export data in standard formats (CSV, JSON)
  • Right to Object — stop processing under certain conditions

Questions or Concerns?