1. Purpose
This Data Processing Agreement (“DPA”) governs how Romatop LLC handles personal data on behalf of clients.
2. Definitions
- Controller: the client submitting data
- Processor: Romatop LLC
- Personal Data: any identifiable information
3. Obligations of Romatop LLC
We agree to:
- Process data only for tax and accounting purposes
- Never sell or misuse data
- Keep data confidential
- Implement appropriate security measures
- Notify clients of a data breach within 72 hours
4. Subprocessors
We may use verified third-party providers for:
- Cloud storage
- Email services
- SMS
- Tax software
- Encrypted document delivery
We ensure all subprocessors comply with data protection obligations.
5. Data Retention
Data is retained as required by IRS rules (typically 3–7 years), after which it may be deleted upon request.
6. Client Rights
Clients may request:
- Access to their data
- Correction of inaccurate data
- Deletion (when legally allowed)
7. International Transfers
If data is transferred outside the U.S., Romatop ensures appropriate safeguards are in place.
8. Governing Law
This DPA is governed by Arizona law.