Try for Free

Log in

Data Processing Agreement (DPA)

Effective Date: April 28, 2026

This Data Processing Agreement (“DPA”) forms part of the Push0 Terms of Service entered into between the Customer (“Controller”) and Flying Dynamite Sp. z o.o. (“Processor” or “Provider”).

1. Purpose and Scope

This DPA governs the processing of Personal Data by the Processor on behalf of the Controller in connection with the provision of the Push0 Services (push notification infrastructure, API, SDK, and related services).

2. Definitions

Capitalized terms used but not defined in this DPA have the meanings given to them in the GDPR (Regulation (EU) 2016/679) and in the Push0 Terms of Service.

3. Roles of the Parties

The Customer is the Controller and the Provider is the Processor with respect to the Personal Data processed under this DPA. Each party shall comply with its respective obligations under applicable data protection laws, including the GDPR.

4. Instructions

The Processor shall process Personal Data only on documented instructions from the Controller. The Controller’s instructions are set out in the Terms of Service and this DPA. The Processor shall inform the Controller if, in its opinion, an instruction infringes the GDPR.

5. Duration of Processing

The Processor will process Personal Data for the duration of the Subscription Term plus any additional period required by applicable law or for legitimate business purposes (such as dispute resolution or regulatory compliance). Upon termination of the Services, the Processor shall, at the choice of the Controller, delete or return all Personal Data and delete existing copies, unless storage is required by law.

6. Nature, Purpose and Details of Processing

  • Subject matter: Provision of push notification delivery services.
  • Duration: Duration of the Subscription Term.
  • Nature and purpose: Receiving, storing, processing, and transmitting device tokens, notification content, and related data necessary to deliver push notifications and provide analytics.
  • Types of Personal Data: Device tokens, user identifiers, IP addresses, interaction data (opens, clicks), and any other Personal Data included by the Controller in notifications.
  • Categories of Data Subjects: End-users of the Controller’s mobile applications or services.

7. Security Measures

The Processor shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to encryption of data in transit and at rest, access controls, regular security testing, and incident response procedures.

8. Sub-processors

The Controller authorizes the Processor to engage sub-processors. The current list of sub-processors is available upon request. The Processor shall impose data protection obligations on any sub-processor that are at least as protective as those set out in this DPA and remains liable for the acts and omissions of its sub-processors.

9. Data Subject Rights

The Processor shall assist the Controller, to the extent reasonably possible, in fulfilling requests from Data Subjects to exercise their rights under the GDPR (access, rectification, erasure, restriction, portability, and objection).

10. Personal Data Breach Notification

The Processor shall notify the Controller without undue delay and, where feasible, not later than 48 hours after becoming aware of any Personal Data Breach. The notification shall include all information required under Article 33(3) of the GDPR to the extent available.

11. Audits and Inspections

Upon reasonable prior written notice and no more than once per calendar year (unless a breach has occurred), the Controller may audit the Processor’s compliance with this DPA. The Processor shall cooperate in good faith during such audits.

12. International Data Transfers

Any transfer of Personal Data outside the European Economic Area shall be carried out using appropriate safeguards, such as the EU Standard Contractual Clauses (Module 2 – Controller to Processor) or other valid transfer mechanisms under the GDPR.

13. Return or Deletion of Data

Upon termination of the Services, the Processor shall delete or return all Personal Data processed on behalf of the Controller, unless applicable law requires retention of such data.

14. Liability

The liability of the Processor under this DPA shall be subject to the limitations of liability set forth in the Push0 Terms of Service.

15. General Provisions

This DPA shall survive the termination or expiration of the Terms of Service. In the event of any conflict between this DPA and the Terms of Service, this DPA shall prevail with respect to the processing of Personal Data.

Flying Dynamite Sp. z o.o.
ul. Andersa 15/306a, 41-200 Sosnowiec, Poland
KRS: 0001090841

Contact: [email protected]

Push0
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.