CloudPrint

Legal

Data Processing Agreement

This agreement applies when CloudPrint processes customer-controlled personal data as a processor for remote printing workflows.

Last updated
17 June 2026
Contact
info@cloudprint.me

1. Scope and incorporation

This Data Processing Agreement forms part of the Terms and Conditions or other written agreement between Customer and CloudPrint. It applies only where CloudPrint processes personal data on behalf of Customer as a processor under GDPR or similar data protection laws.

If there is a conflict between this DPA and the Terms for processor processing, this DPA controls for that processing. The Privacy Policy applies where CloudPrint acts as controller.

2. Roles

Customer is the controller of Customer Personal Data, or a processor acting on behalf of another controller. CloudPrint is Customer's processor, or subprocessor where Customer acts as processor.

"Customer Personal Data" means personal data contained in Customer Data that CloudPrint processes on behalf of Customer through the Services, including print documents, print-job metadata, printer routing information, account administration data and support data.

3. Customer instructions

CloudPrint will process Customer Personal Data only on documented instructions from Customer, including through the Terms, Documentation, account settings, API requests, print jobs, support requests and this DPA.

CloudPrint may process Customer Personal Data where required by EU, Member State or other applicable law. Where permitted, CloudPrint will inform Customer of that legal requirement before processing.

If CloudPrint believes an instruction infringes data protection law, CloudPrint may notify Customer and suspend the affected processing until the issue is resolved.

4. Customer obligations

Customer is responsible for:

  • having a valid legal basis and notices for Customer Personal Data;
  • ensuring that instructions to CloudPrint are lawful, clear and documented;
  • using CloudPrint only for personal data that Customer is allowed to process through the Services;
  • configuring accounts, users, API clients, local agents and printers securely;
  • not submitting special category, criminal-offence or highly sensitive data unless lawful and agreed with suitable safeguards;
  • responding to data subjects, regulators and Customer's own controllers where Customer is a processor.

5. Confidentiality

CloudPrint will ensure that persons authorized to process Customer Personal Data are bound by confidentiality duties or are under an appropriate statutory duty of confidentiality.

6. Security

CloudPrint will implement appropriate technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, taking into account the nature of the Services, processing risks, implementation costs and available technology.

Customer remains responsible for security in Customer-controlled systems, including printers, local networks, local agent hosts, operating systems, credentials, API clients and user devices.

7. Subprocessors

Customer gives CloudPrint general authorization to use subprocessors for the Services. CloudPrint will impose data protection obligations on subprocessors that are no less protective, in substance, than the obligations in this DPA for the services they provide.

CloudPrint may add or replace subprocessors where needed for the Services. Customer may request current subprocessor information by contacting info@cloudprint.me. Customer may object to a new subprocessor on reasonable data protection grounds. If the parties cannot resolve the objection, Customer may stop using the affected Services.

8. International transfers

CloudPrint may process Customer Personal Data in the European Economic Area and in other countries where CloudPrint or its subprocessors operate. Where a transfer requires safeguards, CloudPrint will use a valid transfer mechanism such as an adequacy decision, standard contractual clauses or another lawful safeguard.

9. Data subject requests

CloudPrint will, taking into account the nature of the processing, provide reasonable assistance to Customer for data subject requests relating to Customer Personal Data. If CloudPrint receives a request directly, CloudPrint may redirect the requester to Customer unless law requires otherwise.

10. Security incidents

CloudPrint will notify Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data. The notice will include available information reasonably needed for Customer to assess the incident, subject to security, legal and confidentiality constraints.

Customer is responsible for breach notifications required because of Customer systems, credentials, printers, local agents, integrations or instructions.

11. Audit, information and assistance

CloudPrint will make available information reasonably necessary to demonstrate compliance with this DPA. Where legally required and no other information is reasonably sufficient, Customer may request an audit no more than once per year, with at least 30 days' notice, during normal business hours and under confidentiality obligations.

Audits must not compromise CloudPrint security, availability, confidentiality, trade secrets or other customers' data. CloudPrint may satisfy audit requests through policies, summaries, security questionnaires, independent reports or remote review instead of onsite access.

CloudPrint will provide reasonable assistance for data protection impact assessments and regulator consultations where Customer cannot reasonably handle the matter without CloudPrint and where the request relates to the Services.

12. Return or deletion

On termination or expiry of the Services, CloudPrint will delete or return Customer Personal Data in accordance with the Services, Documentation, account functionality and applicable law. CloudPrint may retain copies where required by law, security, backup, dispute, accounting or compliance needs, provided retained data remains protected.

13. Liability

Liability under this DPA is subject to the exclusions and limitations in the Terms, except where data protection law does not allow such limitation. Customer remains liable for its own compliance, instructions, Customer Data, local systems and use of the Services.

Annex 1. Processing details

Subject matter Remote printing, document upload, print-job routing, printer discovery, account administration, support, security and operational diagnostics.
Duration For the term of Customer's use of the Services and any period required for deletion, backup, support, security, legal, accounting or dispute purposes.
Nature and purpose Hosting, storing, transmitting, converting where applicable, routing, printing, logging, securing, troubleshooting and supporting Customer print workflows.
Data subjects Customer users, administrators, staff, contractors, end customers, recipients, support contacts and other individuals whose data Customer submits to CloudPrint.
Personal data categories Names, emails, account identifiers, user roles, printer metadata, agent metadata, IP addresses, logs, document metadata, print-job data, support messages and any personal data in documents Customer chooses to upload or print.
Special categories Not intended. Customer must not submit special category or criminal-offence data unless Customer has a lawful basis and appropriate safeguards.

Annex 2. Security measures

  • encrypted transport for service communication where supported by the protocol;
  • authentication, authorization and account access controls;
  • separation of production secrets and restricted administrative access;
  • logging, monitoring and incident response processes;
  • backup, recovery and availability measures appropriate to the Services;
  • least-privilege access for personnel and service providers;
  • secure development, review and deployment practices for application changes;
  • customer-controlled local agent installation, printer access and network configuration.

Annex 3. Subprocessor categories

CloudPrint may use subprocessors in these categories:

  • cloud hosting, compute, database, object storage and network providers;
  • email, notification and customer support providers;
  • monitoring, logging, analytics, security and error tracking providers;
  • payment, billing, accounting and tax providers;
  • professional advisers and compliance service providers where needed.