Data Processing Agreement (DPA)
Last updated: July 8, 2026
This document governs the processing of personal data by TRI SOFTWARE SOLUTIONS SRL ("Processor") on behalf of the company using the Service ("Controller"), per Art. 28 GDPR, as part of the Terms of service.
1. Subject and purpose of processing
The Processor processes, on behalf of the Controller, the personal data contained in the documents, clients, suppliers and reports managed through the Service, solely to provide the app's functionality (invoicing, e-Factura, reports).
2. Documented instructions
The Processor processes data only on the Controller's documented instructions, conveyed through normal configuration and use of the app, unless required otherwise by law.
3. Confidentiality
Persons authorized to process data are bound by confidentiality obligations.
4. Sub-processors
The Processor may use sub-processors (e.g. cloud hosting providers, transactional email services) only under contracts requiring equivalent safeguards. The current list of sub-processors can be requested at info@facturifirma.ro; the Controller will be notified before any significant change.
5. Security measures
Appropriate technical and organizational measures are applied, detailed on the Security page: encryption in transit and at rest, tenant isolation, multi-factor authentication, access logging, periodic backups.
6. Breach notification
In the event of a personal data breach, the Processor will notify the Controller without undue delay, providing the information necessary for the Controller to fulfil its own notification obligations.
7. Assistance with data subject rights
The Processor will assist the Controller, to a reasonable extent, in responding to data subject requests regarding their GDPR rights.
8. Return and deletion of data
Upon termination of the Service, the Processor will allow the Controller to export its data and will delete or anonymize remaining data, except where retention is required by law (e.g. tax archiving).
9. Audit
The Controller may request reasonable information about the compliance of implemented security measures, under mutually agreed conditions, without affecting the security of other tenants on the platform.