Data Processing Agreement

Last updated: June 2026 · Version 2026-06-10

This Data Processing Agreement (DPA) forms part of the contract between you (the Controller) and IDEAL GENIUS ADVANCE SRL, VAT 37213946, Trade Reg. J40/3407/2017 (the Processor, “eFlo”), and governs the processing of personal data carried out by eFlo on your behalf when you use our platform and modular services. It is concluded under Article 28 of the GDPR (EU Regulation 2016/679).

1. Roles of the parties

For the data about your own business and your customers that you provide or connect to eFlo, you act as the data Controller and eFlo acts as the data Processor, processing it only on your documented instructions. For data about your own eFlo account (your name, email, billing), eFlo is the Controller — see the Privacy Policy.

2. Subject matter and purpose

eFlo processes personal data only to provide the agreed services: managing and optimising advertising campaigns (PPC), tracking and analytics setup, SEO, websites, creative and retention. Processing lasts for the duration of the contract and any legally required retention period thereafter.

3. Categories of data and data subjects

Account & contact data (names, emails, phone numbers) of your staff and leads.
Advertising & analytics identifiers (cookie IDs, online identifiers, campaign and conversion data).
Website behaviour and aggregated audience data.
Data subjects: your customers, website visitors and leads.

eFlo does not request or require special categories of data (Art. 9 GDPR).

4. Sub-processors

You authorise eFlo to engage the following sub-processors, each bound by data-protection obligations equivalent to this DPA. We will inform you of any intended changes and give you the chance to object.

Sub-processor	Purpose	Location	Policy
Cloudflare	Hosting, database (D1), file storage (R2), email, AI (Workers AI)	EU / Global	View
Google (Analytics 4)	Website usage statistics	EU / Global	View
Google Ads	Campaign delivery, attribution and conversion measurement	EU / Global	View
Meta Platforms	Facebook/Instagram campaigns, conversion measurement (Pixel/CAPI)	EU / USA (SCC)	View
TikTok	TikTok campaigns, conversion measurement (Pixel)	EU / Global	View

5. International transfers

Where a sub-processor transfers data outside the EEA (e.g. to the USA), the transfer is covered by appropriate safeguards such as the EU Standard Contractual Clauses (SCC) or an adequacy decision.

6. Data subject rights

eFlo assists you, taking into account the nature of the processing, in responding to requests from data subjects exercising their rights (access, rectification, erasure, restriction, objection, portability). If a data subject contacts eFlo directly, we forward the request to you without undue delay.

7. Retention and deletion

eFlo processes the data for as long as the services are active. On termination of the contract, and at your choice, eFlo deletes or returns the personal data processed on your behalf, except where retention is required by law (e.g. financial documents). Consent records are retained as proof of consent.

8. Security measures

Encryption in transit (HTTPS) and hashed credentials; secrets stored in a secure secret store.
Role-based access control and least-privilege access to data.
Tenant isolation between clients; audit logging of sensitive actions.
Rate limiting, prompt-injection guards and regular security reviews.

9. Breach notification

eFlo notifies you without undue delay after becoming aware of a personal data breach affecting the data processed on your behalf, providing the information you need to meet your own GDPR obligations.

10. Audits

On reasonable request, eFlo makes available the information necessary to demonstrate compliance with this DPA and supports audits conducted by you or an auditor mandated by you, subject to confidentiality.

11. Contact

Processor: IDEAL GENIUS ADVANCE SRL, România. For data-protection matters, write to info@eflo.ro. See also our Privacy Policy and GDPR page.