Data Processing Agreement

Last updated: 1 January 2026

When you use Qrio as a business client, we act as a processor of personal data. To comply with the General Data Protection Regulation (GDPR), we offer a standard Data Processing Agreement (DPA).

1. Subject

This agreement applies to the processing of personal data by Qrio on behalf of the Client in the context of the delivery of Qrio software and services.

2. Processing of Personal Data

Qrio processes personal data exclusively on behalf of the Client and only insofar as necessary for the performance of the Main Agreement. The categories of data subjects are employees of the Client. The categories of personal data are names, email addresses, and progress data.

3. Security Measures

Qrio takes appropriate technical and organisational measures to protect personal data against loss or unlawful processing. These measures include encryption, access control, and regular security audits.

4. Sub-processors

The Client grants Qrio general permission to engage sub-processors. Our current sub-processors are:

  • Microsoft Azure (Hosting & Database, Region West Europe)
  • Postmark (Transactional email, EU servers)

5. Data Breach Notification

In the event of a data breach, Qrio will inform the Client without undue delay, and no later than 48 hours after discovery.

6. Download

You can download the full Data Processing Agreement here as a PDF (sample).
Download DPA (PDF)

We use cookies

To improve your experience and track anonymous statistics. View our privacy policy for more info.