Try Free – No Credit Card Required. Kickstart your Microsoft 365 Migration today!

Products

Pricing

Calendar Icon Book Free Demo

Start Free Trial

Data Processing Agreement

Apps4.Pro – Data Processing Agreement
(DPA) – EU-Only Processing

This Data Processing Agreement (“DPA”) is entered into between the Customer (Controller) and Apps4.Pro (Processor).
This version of the DPA applies when all processing is performed exclusively within the European Union (EU) 
and no personal data is transferred outside the EU/EEA. 

1. Definition

  “Controller” means the entity determining the purposes and means of the processing of Personal Data.  

  “Processor” means the entity processing Personal Data on behalf of the Controller.

  “Sub-processor” means any third-party engaged by the Processor to process Personal Data.

  “Personal Data” means any information relating to an identified or identifiable natural person. 

  “Processing” means any operation performed on Personal Data, including collection, storage, transfer, deletion.

2. Purpose and Scope 

The Processor shall process Personal Data only for the purpose of providing Microsoft 365 tenant-to-tenant migration services. Processing shall be carried out exclusively within the EU/EEA regions (Azure West Europe / North Europe).  

3. Roles and Responsibilities

The Controller determines the purposes and means of processing. The Processor shall process Personal Data only on documented instructions from the Controller and ensure its personnel are bound by confidentiality. 

4. Obligations of the Processor

  Process Personal Data only on documented instructions from the Controller. 

  Implement appropriate technical and organizational measures (TOMs) to protect Personal Data. 

  Assist the Controller in responding to requests from data subjects. 

  Notify the Controller without undue delay after becoming aware of a Personal Data Breach. 

  Maintain records of processing activities. – Make available to the Controller information necessary to demonstrate compliance. 

5. Sub-processors

The Controller authorizes the Processor to engage sub-processors as necessary to provide the services. The current sub-processor list includes:  

Microsoft Corporation (Azure Cloud Services)

  Purpose: Hosting and Storage  

  Location: Azure West Europe / North Europe 

  Certifications: ISO 27001, SOC 2, GDPR compliance 

The Processor shall notify the Controller of any intended changes concerning the addition or replacement of sub-processors.   

 6. Data Residency 

All processing activities under this DPA will be performed exclusively in Microsoft Azure’s EU datacenters (West Europe and/or North Europe). No transfers of Personal Data outside the EU/EEA will occur under this arrangement. 

7.Retention and Deletion 

The Processor shall not retain Personal Data longer than necessary to perform the services. Temporary data or caches created during migration are purged upon completion of the project, or earlier upon request of the Controller. No archival or backup copies are retained by the Processor. 

8. Technical and Organizational Measures (TOMs) 

The Processor implements the following TOMs: 

Encryption in transit (TLS 1.2+) and at rest (AES-256, Azure Storage Encryption). 

  Role-based access controls (RBAC) with least privilege principle. 

  Multi-factor authentication for administrative access. 

  Audit logging of system access and activity.  

  Physical and network security measures via Microsoft Azure EU datacenters. 

Employee confidentiality agreements and security training.

 9.Data Subject Rights 

The Processor shall assist the Controller in fulfilling its obligations to respond to data subject requests under GDPR, including access, rectification, restriction, portability, and erasure of Personal Data. 

10. Audit Rights 

The Controller may, upon reasonable notice, audit the Processor’s compliance with this DPA. Audits may include reviewing documentation or on-site inspections, subject to confidentiality obligations and reasonable limitations to avoid disruption. 

11. Liability 

The liability of each party under this DPA shall be subject to the limitations of liability agreed in the underlying Agreement, except where otherwise required by applicable law. 

Annex I – Details of Processing

Categories of Data Subjects: End-users, students, staff. 

Categories of Personal Data: User IDs, emails, Teams messages, files, metadata.  

Special Categories: None. 

Purpose: Tenant-to-tenant migration of Microsoft 365 services. 

Retention: Temporary, purged after completion. 

Annex II – Technical and Organizational Measures

See Section 8 above for detailed TOMs. 

Annex III – Sub-Processors

Current sub-processor list: 

Microsoft Corporation – Azure Cloud Services (Hosting & Storage, EU regions only). 

1
Bot Logo

Apps4.Pro Bot

Hey!👋 Ready to make your Microsoft 365 migration journey easier? Tell me what you’re looking.

What gets migrated?
I have a sales question
I'm here for tech support
Learn about Apps4.Pro
Logo

Unlock Seamless Transitions

Get Your Free M365 Migration Demo

See firsthand how our solution simplifies and secures your Microsoft 365 tenant-to-tenant migration. Book a free 1-on-1 demo and benefit from:

  • Expert Migration Guidance: Tackle your migration challenges with insights and best practices from our specialists.
  • Live Tool Walkthroughs: Watch our powerful migration features in action - how they handle your specific data, users, and workloads.
  • Tailored Strategies & Resources: Access tips, checklists, and tools designed to ensure a smooth and successful transition.
  • Open Q&A Session: Get clear answers to all your questions about migration planning, execution and post-migration support.
Header - Book Free Demo Popup

Let's schedule your demo

Charm Icon Trusted by 10k+ IT Pros Worldwide