Last Updated: 11/30/2025

This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions and governs the processing of personal data by uNotify (“Processor”, “we”, “us”) on behalf of the Customer (“Controller”, “you”, “your”) in connection with the use of the uNotify CRM, WhatsApp Business API integrations, and related services (“Services”).

This DPA ensures compliance with:

  • UK GDPR
  • EU GDPR (where applicable)
  • Bangladesh Data Protection Guidelines
  • Meta/WhatsApp Cloud API Data Requirements

1. Definitions

  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: uNotify, acting on behalf of you, the Controller.
  • Personal Data: Any information related to an identifiable individual.
  • Processing: Any operation performed on personal data.
  • Subprocessor: Third parties engaged by uNotify to provide the Services.
  • Meta Data: Data processed through the WhatsApp Cloud API.

2. Roles & Responsibilities

2.1 Controller Responsibilities

The Controller is responsible for:

  • Obtaining valid consent from end-users
  • Ensuring lawful collection of contact numbers and data
  • Ensuring messages comply with Meta policies
  • Providing accurate instructions to uNotify

2.2 Processor Responsibilities

uNotify will:

  • Process personal data only according to your instructions
  • Maintain strict confidentiality
  • Implement strong security measures
  • Inform you of any data incidents
  • Ensure compliance with GDPR and Meta data rules

3. Purpose of Processing

uNotify processes personal data solely to provide:

  • CRM services
  • WhatsApp Cloud API integration
  • SMS/Email messaging
  • Automation & workflows
  • Customer communication
  • Analytics and reporting
  • Technical support

No personal data will be used for advertising, profiling, or resale.

4. Categories of Data Processed

We may process the following data on your behalf:

  • Contact names
  • Phone numbers
  • Email addresses
  • WhatsApp messages
  • Message templates
  • Campaign data
  • Customer interactions
  • CRM records (notes, tags, labels, etc.)
  • IP addresses and logs

5. Subprocessors

To deliver the Services, uNotify uses trusted subprocessors such as:

  • Meta Platforms / WhatsApp Cloud API
  • Hosting providers (Datacenter/Cloud Servers)
  • Payment gateways
  • SMS/Email gateway providers
  • Analytics & monitoring tools

uNotify ensures all subprocessors meet GDPR-level data protection.

6. Data Location & Transfers

Data may be stored or processed in:

  • Bangladesh
  • United Kingdom
  • Meta Cloud servers
  • Secure international data centers

All transfers outside the UK/EU follow:

  • Standard Contractual Clauses (SCC)
  • GDPR-approved safeguards

7. Security Measures

uNotify implements the following:

  • SSL/TLS encryption
  • Server encryption
  • Firewalls & DDoS protection
  • Regular security audits & patching
  • Access-control & role-based permissions
  • Encrypted backups
  • Secure API architecture

8. Confidentiality

All personnel with access to data:

  • Are trained in data protection
  • Are bound by confidentiality agreements
  • Are authorized only as needed

9. Data Breach Notification

In case of a data breach affecting your data:

  • uNotify will notify you within 72 hours
  • Provide details of the breach
  • Provide mitigation steps
  • Cooperate with investigations

10. Data Retention & Deletion

Upon account cancellation:

  • All personal data is retained for up to 90 days
  • After 90 days, data is permanently deleted
  • Backups containing your data are automatically purged
  • Controller may request earlier deletion in writing

11. Cooperation & Data Rights

uNotify will support the Controller in responding to:

  • Data access requests
  • Correction, deletion, portability requests
  • Withdrawal of customer consent
  • Regulatory authority inquiries

12. Prohibited Processing

uNotify will never:

  • Sell personal data
  • Use data for advertising
  • Share data with unauthorized parties
  • Access message content unless required for support
  • Retain data longer than necessary

13. WhatsApp & Meta Compliance

When using WhatsApp Cloud API via uNotify:

  • All messages must follow WhatsApp Business Policy
  • Template approval requirements apply
  • Only opted-in contacts may be messaged
  • Illegal or restricted content is prohibited
  • Violations may result in account suspension (Controller responsibility)

uNotify is not liable for bans caused by misuse.

14. Audit Rights

The Controller has the right to:

  • Request documentation of security practices
  • Request system architecture transparency
  • Review compliance measures

Reasonable notice (15 days) is required.

15. Term & Termination of DPA

This DPA remains in effect as long as:

  • You use uNotify Services
    OR
  • uNotify processes your data on your behalf

Upon termination:

  • Data is deleted as defined in Section 10
  • Obligations regarding confidentiality continue indefinitely

16. Liability

uNotify’s total liability under this DPA is limited to the value of the last month of the customer’s subscription, excluding WhatsApp/SMS/Email fees.

17. Contact Information

For data protection inquiries:

Data Protection Officer (DPO)
uNotify
Email: support@unotify.me
Website: https://unotify.me

Bangladesh Office:
Doyamir Bazar, Osmaninagar, Sylhet- 3120

United Kingdom Office:
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ