Skip to content
Younison

Data Processing Agreement

Last updated: 22 May 2026

1. Background and scope

This Data Processing Agreement (“DPA”) forms part of the agreement between Nutrapi Limited, trading as Younison (the “Processor”), and the customer (the “Controller”) for use of the Younison platform. It sets out how personal data is processed on the Controller’s behalf and applies whenever Younison processes personal data subject to the GDPR.

2. Definitions

“Controller,” “Processor,” “Sub-processor,” “Personal Data,” “Processing,” and “Data Subject” have the meanings given to them in the GDPR. “Customer Personal Data” means personal data processed by Younison on behalf of the Controller under the agreement.

3. Processing details

  • Nature: routing, storage, and management of customer communications.
  • Purpose: providing the Younison platform to the Controller.
  • Duration: the term of the Controller’s subscription.
  • Data subjects: the Controller’s customers and contacts.
  • Data categories: contact details, message content, and related metadata.

4. Younison obligations as Processor

Younison shall process Customer Personal Data only on documented instructions from the Controller, ensure that persons authorised to process the data are bound by confidentiality, and assist the Controller in meeting its obligations under the GDPR.

5. Security measures

Younison implements appropriate technical and organisational measures to protect Customer Personal Data, as further described in Schedule A.

6. Sub-processors

The Controller authorises Younison to engage the sub-processors listed in Schedule B. Younison will inform the Controller of any intended changes to its sub-processors and give the Controller the opportunity to object on reasonable grounds.

7. Data subject rights assistance

Younison shall, taking into account the nature of the processing, assist the Controller by appropriate measures in responding to requests from data subjects exercising their rights under the GDPR.

8. Data breach notification

Younison shall notify the Controller without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and shall provide information reasonably required to support the Controller’s own notification obligations.

9. Data deletion or return on termination

On termination of the agreement, Younison shall, at the Controller’s choice, delete or return all Customer Personal Data, unless retention is required by applicable law.

10. International transfers

Where Customer Personal Data is transferred outside the European Economic Area, Younison relies on Standard Contractual Clauses or another lawful transfer mechanism.

11. Audit rights

Younison shall make available to the Controller information reasonably necessary to demonstrate compliance with this DPA and allow for audits, including inspections, subject to reasonable notice and confidentiality.

12. Liability and indemnity

Each party’s liability under this DPA is subject to the limitations of liability set out in the Terms of Service.

13. Term and termination

This DPA remains in effect for as long as Younison processes Customer Personal Data on behalf of the Controller.

14. Governing law

This DPA is governed by the laws of Ireland.

Schedule A — Technical and Organisational Measures

  • Encryption of data in transit and at rest.
  • Role-based access controls and the principle of least privilege.
  • Regular backups and tested restoration procedures.
  • Logging and monitoring of access to personal data.
  • Staff confidentiality obligations and security awareness.
  • Documented incident response procedures.

Schedule B — List of Sub-processors

  • Hostinger — website and application hosting.
  • 360dialog — Business Solution Provider for WhatsApp messaging.
  • Google Workspace — business email infrastructure.
  • SMS providers — standard text message delivery.

Questions about this DPA can be sent to legal@younison.cloud.