Oris Invoiceby ORIS Intelligence
Start free
🇪🇬 Egypt home
Egypt · EG

Data Processing Agreement

The data-processing terms that apply when Oris Invoice processes personal data on your behalf as a data processor.

Aligned with: Egyptian PDPL 151/2020·Effective: April 29, 2026

Not legal advice. This page is a templated baseline aligned with Egyptian PDPL 151/2020. It does not constitute independent legal advice and has not been reviewed by counsel for your specific circumstances. For questions or to request the executed PDF version, email legal@orisinvoice.com.

1. Definitions

"Controller", "Processor", "Personal Data", "Processing", "Data Subject" have the meanings in Egyptian PDPL Law 151/2020 Art. 1. "Customer Personal Data" means Personal Data within Customer Data we process on your behalf.

2. Roles and instructions

You are the Controller; we are the Processor. We process Customer Personal Data only on your documented instructions, including with regard to international transfers, unless required by Egyptian law.

3. Confidentiality and personnel

Personnel are bound by confidentiality and trained on data protection. Access is need-to-know with role-based access controls.

4. Security measures (PDPL Art. 9)

Encryption at rest (AES-256-GCM) and in transit (TLS 1.3); regular vulnerability scanning; network segmentation; least-privilege access; incident detection and response; personnel background checks.

5. Sub-processors

You authorise sub-processor engagement. Current list available; 30 days' notice before changes (with reasonable objection right). We remain liable for sub-processor performance.

6. Data subject rights (PDPL Art. 4)

We assist you in responding to data-subject requests via self-service export tools and processor support.

7. Data breach notification (PDPL Art. 9)

We notify you without undue delay (within 72 hours of becoming aware) of any Personal Data Breach, with information needed for your obligation to notify the Personal Data Protection Center (CPDC) and affected data subjects.

8. International transfers (PDPL Art. 14)

Transfers outside Egypt rely on adequacy decisions, controller-to-processor contracts approved by CPDC, or other lawful transfer mechanism under PDPL.

9. Audits

Audit on reasonable notice at your cost, max once per 12 months (or after a Personal Data Breach). SOC 2 Type II + ISO 27001 reports satisfy most audit requirements.

10. Return or deletion

On termination, return data in machine-readable format and/or delete it (subject to 35-day backup retention and 5-year statutory retention under Egyptian Tax Procedures Law).

11. Liability and conflicts

This DPA forms part of our Terms of Service. In conflict, this DPA prevails on data-protection matters. Liability subject to Terms limits except where Egyptian PDPL mandates otherwise.

12. Effective date

Effective on Terms acceptance. Material changes notified 30 days in advance.