How can we help?

Document version 2.1

Date: 30.06.2026

This document sets out the terms and conditions for the provision of technical support services for the Product purchased by the Customer, unless otherwise agreed in the purchase agreement between the Customer and SMSEagle.

1. GENERAL PROVISIONS

1. This Technical Support Services Policy (“Policy”) sets out the detailed rules, scope, terms, conditions, limitations, and exclusions related to the provision of technical support services for SMSEagle products.
2. Technical support services (“Services”) are provided by SMSEagle to the Customer under the terms and conditions set forth in this Policy and the agreement under which the Customer purchased the Product (“Agreement”). The Agreement shall be understood, in particular, as the terms, conditions and regulations, the acceptance of which is a prerequisite to purchase and use the Product.
3. The Policy forms an integral part of the Agreement between SMSEagle and the Customer. In the event of any discrepancies relating to the terms and conditions of technical support services, the provisions of the Policy shall prevail.
4. The commercial terms and conditions for the provision of the Services are specified in the Agreement or during the process of ordering the Services (or in another unambiguous manner).
5. Acceptance of the Policy is effected by accepting this document on the Website (or in another unambiguous manner) and is a prerequisite for the Customer to use the Services.

2. SCOPE OF SERVICES

1. SMSEagle undertakes to provide the Services with due care, using its expertise and available technical resources to diagnose and attempt to resolve the problems reported by the Customer. The Services are provided on an "as-is" basis with regard to the final result. SMSEagle does not guarantee that each service request will result in a complete solution to the problem, restoration of full functionality, or elimination of errors, in particular if they result from external factors, incompatibility of third-party software, or the specific configuration of the Customer's environment.
2. Support within the Services is provided in English or Polish, depending on the Customer's needs. The territorial scope of the Services is global.
3. As part of the active package, SMSEagle provides support, exclusively in a remote form, in the following areas:
   • analysis and diagnostics of problems related to the functioning of the Product;
   • support in the configuration of devices and software;
   • support for APIs and integration (including HTTP/REST, Email2SMS, webhooks, plugins);
   • support in optimizing system performance (logs, monitoring, rotation, queue cleaning);
   • access to software updates during the term specified in the  Agreement;
   • best-effort implementation support for integration with systems indicated as supported by SMSEagle (in particular monitoring/NOC, BMS, SIEM, ticketing, CRM/ERP), where the list of supported systems is available at https://www.smseagle.eu/integration-plugins/;
   • assistance in restoring factory settings and configuration (if possible);
   • advice on best practices: network security, maintenance, backup policies.
4. In order to ensure the highest quality of service and to clearly define the limits of liability, SMSEagle indicates that the Services do not cover, in particular:
   • hardware repairs, physical replacement of components, or Return-Merchandise-Authorization (RMA)/logistics procedures related to equipment servicing, which are governed by separate General Warranty Terms and Conditions;
   • work performed at the Customer's premises (on-site);
   • the creation of dedicated software or modification of source code;
   • support for End-of-Life (EOL) Products, i.e., devices for which production, sales, and technical support have been discontinued. A list of discontinued Products and a calendar is available at https://support.smseagle.eu/hc/en-us/articles/6416612572561-Retirement-calendar-for-SMSEagle-products;
   • administration of the Customer's infrastructure (networks, servers, databases);
   • responsibility for the actions of third parties (cellular operators, SMSC, e-mail providers, , etc.);
   • support for Products in which unauthorized modifications to the operating system have been made, or third-party software not approved by SMSEagle has been installed;
   • guaranteeing the complete removal of any reported irregularities – SMSEagle provides commercially reasonable effort and due care.

3. CUSTOMER OBLIGATIONS

1. The Customer is obliged to cooperate with the SMSEagle technical support team and to implement the diagnostic recommendations provided. In particular, the Customer is obliged to:
   • provide access to Products and data (in particular device logs) – the Customer must ensure that both parties have the rights to use the relevant Products and data in order to provide the Services. If this has not yet been provided, the Customer is responsible for ensuring this access before submitting a support request;
   • cooperate with the technical support team – the Customer should cooperate and follow the instructions provided by representatives of the SMSEagle technical support team (checklists, tests, reproduction scenarios), as most issues can be resolved remotely through cooperation and following guidelines;
   • keep the Product up to date with the current software version and install required updates – the Customer must update the software and products to the minimum required versions (i.e., the current stable system versions specified by SMSEagle) and install any patches or updates in accordance with SMSEagle's instructions in order to remain eligible for support;
   • regularly back up data – the Customer should create backups of all data on their own;
   • protect credentials and confidential data – the Customer should not disclose passwords or confidential information, including personal data, to technical support representatives unless it is absolutely necessary for the proper performance of the Service (data minimization principle);
   • maintain professional communication within the Services – the Customer may not include offensive, aggressive, or vulgar content in any messages or files sent to the technical support team. Any use of discriminatory language, threats, harassment, or inappropriate material is strictly prohibited and may result in a warning, followed by suspension of the Service or further action deemed necessary by SMSEagle.
2. Failure to cooperate on the part of the Customer or violation of the Policy by the Customer entitles SMSEagle to refuse to provide the Services or limit their scope.

4. SERVICE HOURS AND CONTACT CHANNELS

1. Support is provided only on Business Days, from Monday to Friday, between 8:00 AM and 5:00 PM CET/CEST. For the purposes of this Policy, "Business Days" shall mean days from Monday to Friday, excluding public holidays in Poland and days on which banks in Poland are closed for general business.
2. The following channels of communication with SMSEagle are available:
   • technical support portal https://support.smseagle.eu;
   • email address support@smseagle.eu;
   • other channels formally indicated by SMSEagle.
3. The support ticket should include at least:
   • the device serial number;
   • a description of the problem;
   • steps to reproduce the problem;
   • system logs (if necessary).

5. SERVICE LEVEL AGREEMENT

1. SMSEagle provides Services in accordance with the Service Level Agreement (SLA) standards specified in Schedule No. 1 to this Agreement. The SLA defines the response times, status update frequencies, and priority levels applicable to the services provided to the Customer.
2. Unless otherwise specified in a separate Agreement, all repair or workaround times are estimates and do not guarantee the timely resolution of the issue.

6. FAIR USE POLICY

1. The Service is subject to the fair use policy. The purpose of this fair use policy is to ensure equal and fair access to the technical support team's resources for all Customers and to prevent practices that could place an excessive burden on the team and reduce the quality of service for other customers.
2. The following, in particular, are considered to be an abuse of the fair use policy and activities that go beyond the standard scope of the Services:
   • out-of-scope requests – repeatedly sending inquiries about external systems, third-party software, or problems resulting from incorrect configuration of the Customer's infrastructure that is not directly related to the Product;
   • unjustified escalations – notoriously assigning the highest priority to requests, even though they do not meet the criteria for such priority;
   • aggressive communication – using profanity, threats, or abusive language towards the technical support team;
   • monopolization of resources – generating an excessive number of tickets (so-called spam) that are clearly intended to force a dedicated consultation rather than to resolve actual technical issues.
3. Abuses may result in:
   • a warning – a formal notice sent electronically, indicating the specific violation and calling for compliance with the Policy;
   • temporary restriction of the Services – suspension of access to selected support channels or lowering the priority of all Customer requests for a period of 30 days, refusal to process a request or making its processing conditional on the Customer paying an additional fee agreed with SMSEagle;
   • termination of the agreement – termination of the Agreement for the provision of Services, without the right to a refund of fees paid, in the event of persistent violation of the rules and after prior warning.

7. SERVICE TERM AND RENEWAL

1. The term of the Services begins on the date indicated on the invoice.
2. The term of the Services depends on the package purchased. It may be:
   • 24 months in the Standard package (included in the purchase of the Product);
   • 36/60 months in the Extended package (requires separate purchase);
   • 60 months in the Extended Technical Support Services package (requires separate purchase);
   • 12/24/36 months in the Post-Warranty Support Care Pack (requires separate purchase).
3. The Services are renewed under the terms and conditions in effect on the renewal date. Renewal may be effected by purchasing Post-Warranty Support Care Packs, in accordance with the current SMSEagle offer.

8. TERMINATION

1. If the Customer purchased the Services from the reseller or authorized partner, the rules for returns, cancellations, and refunds are specified on the invoice or in other sales documentation provided by that reseller or authorized partner. To make a return or cancellation, please contact the reseller or authorized partner directly.
2. SMSEagle reserves the right to terminate the Services at any time during the term of their provision for the following reasons:
   • failure to pay for the Services;
   • gross violation of the Policy;
   • sending offensive or prohibited content;
   • abuse of the fair use policy.
3. SMSEagle and the Customer who purchased the Services directly from SMSEagle may terminate the agreement concluded on the basis of acceptance of this Policy with at least 30 days' notice. SMSEagle will refund the funds for the unused, prepaid period of the Services, in proportion to the period during which the Services will not be provided.
4. Subject to mandatory consumer protection laws, if SMSEagle terminates the agreement for the reasons listed in sec. 8.2., the Customer shall not be entitled to a refund of any fees already paid or exemption from fees due to SMSEagle.
5. The Services described in this Policy are provided independently of any hardware warranty. The expiration or termination of the Services does not affect the validity and duration of the hardware warranty assigned to the Product.

9. TRANSFER OF SERVICE AND RIGHTS

1. The Customer has the right to transfer the Services to a third party, only with the permanent transfer of ownership of the Product to which the Services are linked. In this case, the new owner is obliged to accept the Policy in its current form.
2. A one-time transfer of the assigned Services between physical Products belonging to the same Customer is permitted, provided that the new Product is first registered in the SMSEagle’s system.
3. The effectiveness of the transfer of the Services depends on:
   • making a formal request via the customer panel or the official SMSEagle technical support channel;
   • deactivation of the Services in the original Product (if applicable).
4. Each subsequent attempt to transfer the Services beyond the specified limit requires separate consent from SMSEagle and may be subject to an additional administrative fee in accordance with the current price list.

10. LIABILITY

1. SMSEagle shall not be liable to the Customer for any indirect or consequential losses, including loss of profits of any kind and loss of customers, sales, margin, production, image, provided that the above exclusion does not apply to damage caused by SMSEagle willfully (intentionally).
2. SMSEagle's liability in connection with any claim caused by, related to, or arising from the use of the Services or the sum of such claims shall never exceed the cost of the Product in respect of which the damage occurred, unless such limitation of liability is not permitted under applicable Polish law.
3. With regard to SMSEagle's liability for any claims by the end user, SMSEagle's liability is limited only to situations where the damage is the result of a direct action or omission by SMSEagle and only to the cost of the Product in respect of which the damage occurred, unless such limitation of liability is not permitted under applicable Polish law. The Customer undertakes not to contribute to the occurrence or increase of damage suffered as a result of satisfying end user claims. When submitting an end user claim to SMSEagle, the Customer shall attach all documents relating to the satisfaction of the claim, and SMSEagle shall respond to the Customer's claim on this basis only after receiving the aforementioned documents.
4. SMSEagle shall not be liable in particular for:
   • loss of data or configuration;
   • lost profits of the Customer;
   • indirect or consequential damages;
   • actions of third parties.
5. The provisions of this section do not apply to Customers who are consumers.

11. LIABILITY TOWARDS CONSUMERS

1. SMSEagle is obliged to provide the Services in accordance with the Agreement, the Policy, and with due care.
2. In the event of non-compliance of the Services with the Agreement, the consumer shall be entitled to the rights specified in Chapter 5B of the Act of May 30, 2014 on consumer rights.
3. SMSEagle, in accordance with applicable regulations, is liable to consumers for physical or legal defects in the Services.
4. If the Services do not function properly, the consumer may demand that they be brought into compliance with the contract.
5. The provisions of this section apply only to Customers who are consumers and natural persons concluding a contract directly related to their business activity, when the content of this contract shows that it is not of a professional nature for them (sole traders on consumer rights).

12. CONFIDENTIALITY AND DATA PROCESSING

1. The parties undertake to keep confidential all information obtained in connection with the performance of the Services, including technical, commercial, and personal data (“Protected Data”). The Customer acknowledges that before proceeding with technical support, they are required to make a backup copy of the Protected Data. SMSEagle shall not be liable for any loss of data resulting from maintenance activities.
2. During the troubleshooting process, it may be necessary to provide SMSEagle's technical support team with data from the Customer's systems. SMSEagle provides several methods for transferring this data, including, but not limited to, email and the technical support portal. Unless expressly requested by SMSEagle, the Customer shall not directly transfer any Protected Data to SMSEagle's technical support resources.
3. To the extent that the provision of the Services requires the processing of personal data, such processing shall be governed by the data processing agreement set out in Schedule No 2 to the Agreement.
4. If SMSEagle requests Protected Data, the Customer shall make the requested Protected Data available and transfer it to SMSEagle using a mutually agreed secure method and to a location specified by SMSEagle. If such data is transferred to SMSEagle by a method other than the secure method agreed upon by the parties, or to an unspecified location, SMSEagle shall not be liable to the Customer for any damages (including loss of revenue), whether contractual or tortious, related to such transmission, even if SMSEagle has been advised of the possibility of such damages.
5. SMSEagle declares that the Protected Data will be available only to the technical support team with the appropriate authorizations to process it to the extent necessary to perform the Services. Detailed rules for data processing are set out in the Privacy Policy available on the Website.

13. THIRD-PARTY COMPONENTS

1. The proper functioning of the Product may require the use of third-party components. These components may include, but are not limited to, databases, operating systems, and web servers. SMSEagle assists in the implementation of the Product with these components, but does not provide direct support for third-party components.
2. The Customer is responsible for configuring these components and ensuring that other applications are working in the desired configuration before contacting SMSEagle technical support for any Product-related issues.
3. In some cases, SMSEagle technical support may be available to cooperate and provide information to third-party vendors. If a defect in third-party software causes the Product to perform less than optimally, SMSEagle technical support will identify the third-party component so that the Customer can find a solution with the appropriate vendor.

14. FORCE MAJEURE

1. SMSEagle shall not be in breach of the Policy if its total or partial failure to perform or improper performance of its obligations under the Policy is caused by an event of force majeure. For the purposes of the Policy, the term "force majeure" means any extraordinary events that could not have been prevented and are beyond the control of SMSEagle, regardless of whether they could have been foreseen on the date of conclusion of the agreement ("Force Majeure"). Force Majeure includes, in particular, random events such as fire, hurricane, or other disasters caused by forces of nature, orders of state or government authorities, including those prohibiting business activity, war, riots, acts of terrorism, blockades of sea routes, uprisings, embargoes, social unrest, pandemics, epidemics, states of epidemiological emergency, export or import bans, or general strikes.
2. If SMSEagle is unable to perform its obligations under the Policy or if this is impeded by reasons of Force Majeure, it shall inform the Customer, if possible, of the impossibility or impediment, explaining the reason. The performance of the Agreement shall be suspended for the duration of the Force Majeure event. SMSEagle shall notify the Customer immediately after the cause of the suspension has ceased to exist.

15. INTELLECTUAL PROPERTY

1. All materials made available to the Customer as part of the provision of the Services, including in particular documentation, guides, code fragments, auxiliary scripts, and knowledge bases ("materials"), remain the exclusive property of SMSEagle.
2. SMSEagle grants the Customer a time-limited, non-exclusive, and non-transferable license to use the above materials for the duration of the Services.
3. The license is granted solely for the purpose of supporting the operation and maintenance of Products owned by the Customer.
4. In particular, the Customer is prohibited, without the prior written consent of SMSEagle, under pain of nullity, from:
   • sharing the materials with third parties;
   • using the materials with products or services of competing companies;
   • reselling or commercially reproducing the materials made available.

16. COMPLAINTS

1. Complaints may be submitted in writing to the registered address of SMSEagle or in electronic form to the SMSEagle email address.
2. The complaint should include data enabling the identification of the Customer, the subject of the complaint, and the Customer's request related to the complaint.
3. A response to the complaint will be provided within 14 days to the email address provided at the time of conclusion of the Agreement. SMSEagle is also entitled to respond to the complaint by traditional mail.
4. A Customer who is a consumer has the right to use extrajudicial means of dealing with complaints and pursuing claims. Among other things, such a Customer has the right to apply to a permanent consumer arbitration court with a request to settle a dispute arising from the concluded Agreement. Detailed information on out-of-court methods of handling complaints and pursuing claims is available on the website at www.uokik.gov.pl.

17. FINAL PROVISIONS

1.  The content of the Policy is continuously available on the Website.
2. The manner in which the Policy is made available allows it to be obtained, reproduced, and recorded by saving it on a medium or printing it at any time.
3. Descriptive headings have been included solely for the purpose of facilitating the use of the Policy and do not affect its interpretation or content.
4. If any provision of the Policy proves to be invalid, ineffective, unlawful, or unenforceable in whole or in part, such circumstance shall not affect the validity of the remaining provisions of the Policy (severability clause).
5. The content of the legal relationship between SMSEagle and the Customer, in addition to the Policy, is also determined by the terms and conditions provided during the conclusion of the Agreement with SMSEagle, the content of the statements made by the Customer, and the provisions contained in other documents and content made available to the Customer prior to the conclusion of the Agreement.
6. In matters not covered by the Policy, the provisions of Polish law shall apply. In the case of Customers who are consumers, the choice of law does not deprive them of the protection granted under provisions that cannot be excluded by agreement under the law of the country in which the consumer has their habitual residence.
7. Any disputes arising from the Policy shall be settled by the court having jurisdiction over the registered office of SMSEagle, except that this determination of jurisdiction shall not apply to Customers who are consumers.
8. SMSEagle reserves the right to make changes to the Policy for important reasons, in particular due to changes in the law or changes in the model of providing the Services, changes in the manner of concluding agreements, or changes in the functionality of the Services. The currently valid version of the Policy will always be available on the Website. SMSEagle will notify the Customer of any planned changes to the Policy at least 14 days before the planned date of entry into force of the changes to the Policy. The Customer is entitled to object to changes in the Policy, which will result in the termination of the Agreement upon expiry of the notice period.

SCHEDULE NO. 1 
SERVICE LEVEL AGREEMENT (SLA)

1. DEFINITIONS AND INTERPRETATION

1. For the purposes of this SLA, the following definitions shall apply:
2. "Response Time" - the time interval between the receipt of a Ticket via the designated support channel and the first substantive response provided by an SMSEagle technician;
3. "Business Day" - any day from Monday through Friday, excluding public holidays in Poland and any other days on which commercial banks in Poland are officially closed for general business;
4. "Business Hours" - the period from 8:00 AM to 5:00 PM (08:00–17:00) Central European Time (CET) or Central European Summer Time (CEST), depending on the time zone currently applicable in Poland;
5. "Ticket" - a formal request for technical assistance submitted by the Customer in accordance with the requirements set forth in the Policy;
6. "Workaround" - a temporary solution or configuration change that reduces the impact of a physical defect but does not constitute a final resolution;
7. "Status Update" - a follow-up communication from SMSEagle to the Customer providing information on the current progress of resolving the Ticket, intended to keep the Customer informed of the actions taken even if a final resolution has not yet been achieved.

2. PERFORMANCE METRICS AND SERVICE LEVELS

1. SMSEagle shall use its best efforts to meet the following Response Time and Status Update targets during Business Hours:

1. Any deadline expressed in "Business Hours" shall only be calculated within the Business Hours window. If a Ticket is submitted outside of Business Hours, the period for performance shall commence at the beginning of the next Business Day.
2. All support requests must be submitted via designated channels: Support Portal (https://support.smseagle.eu) or Email (support@smseagle.eu).

3. LEGAL CHARACTER OF THE SLA

1. The Response Times and Status Update frequencies set forth in this Schedule are targets and do not constitute a guarantee of issue resolution within any specific timeframe.
2. Unless otherwise expressly agreed in a separate written agreement, a failure to meet the Response Time or Status Update targets shall not constitute a material breach of the Policy and shall not entitle the Customer to any service credits, price reductions, or liquidated damages. The preceding sentence shall not deprive consumers of any claims they may have under generally applicable laws.
3. The Customer’s sole and exclusive remedy for SMSEagle’s failure to meet the SLA targets is the internal escalation procedure.

4. PRIORITY CLASSIFICATION AND MANAGEMENT

1. The priority level of the submitted Ticket determines the response time guarantee:
 

PRIORITY-1: BUSINESS CRITICAL – this priority applies to situations where the SMSEagle device is completely unusable or a key function essential to business operations is completely unavailable and there is no workaround or alternative solution. The problem directly affects production environments, causing a complete shutdown of critical messaging functions or other essential capabilities.

Examples:

• The device does not power up or connect to the network;
• Sending/receiving SMS messages in a live environment is completely non-functional;
• Authentication or access to the device is blocked, preventing any use of the device

Exclusions: Does not include issues occurring in staging, test, or development environments.

PRIORITY-2: REDUCED USABILITY – this priority covers issues that cause periodic instability, reduced performance, or limited functionality of the SMSEagle device. The device remains operational, but the quality of service is noticeably degraded. A workaround may exist, but it is not stable or sufficiently efficient for long-term use.

Examples:

• Occasional errors in delivering or receiving SMS messages;
• The device unexpectedly reboots but resumes operation;
• Some features work inconsistently or with reduced reliability.

Exclusions: Does not include development issues, feature requests, or issues in non-production (staging/test) environments.

PRIORITY-3: INSTRUCTION / SUPPORT – this priority is assigned to non-urgent requests for assistance with configuration, usage, or general guidance regarding SMSEagle devices and services. These tickets do not involve bugs, crashes, or reduced performance, but are intended to help users understand features, optimize settings, or integrate with other systems. Priority 3 tickets are typically informational in nature and are intended to improve the user experience or knowledge.

Examples:

• Step-by-step instructions for configuring device features or integrations;
• Advice on best practices for security, backups, or performance optimization;
• Guidance on using APIs, plugins, or supported third-party systems;
• Explanations of product documentation or capabilities.

2. SMSEagle reserves the right to reclassify the priority level at any time if it reasonably believes the classification is incorrect. If a Customer fails to select a priority, the system will default to Priority 3.

5. CONDITIONS PRECEDENT AND CUSTOMER OBLIGATIONS

1. SMSEagle’s obligation to perform Services within the Response Times is strictly conditional upon:
2. the Customer having a valid and fully paid agreement;
3. the Customer providing all required information, including serial numbers and detailed defect descriptions;
4. the Customer ensuring the availability of qualified technical personnel and providing necessary remote access for diagnostics.

6. ESCALATION PROCEDURE

1. If a Response Time target is exceeded by more than 100%, the Customer may request an internal review by the SMSEagle support team lead. This procedure is intended to prioritize resources and ensure the fastest possible resolution but does not modify the legal limitations of liability set forth in this agreement.

SCHEDULE NO. 2
DATA PROCESSING AGREEMENT

1. For the purpose of this Data Processing Agreement (the “DPA”), the Customer shall be deemed the controller (“Controller”), and SMSEagle shall be deemed the processor (“Processor”).
2. To the extent that the provision of the Services requires the processing of personal data, the Controller hereby entrusts Processor with the processing of personal data, and Processor undertakes to process such data solely on behalf of and in accordance with the documented instructions of the Controller, including this DPA, the Agreement, the Policy, and instructions provided within the scope of the Services, unless otherwise required by applicable law.
3. Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other applicable data protection provisions. Where Processor is required by applicable law to process personal data otherwise than as instructed by the Controller, Processor shall inform the Controller of that legal requirement prior to processing, unless such law prohibits such information on important grounds of public interest.
4. The purpose of the processing is the provision of the Services by Processor to the Controller, in particular for the purposes of diagnostics, troubleshooting, configuration support, system analysis, and other activities strictly necessary to perform technical support services as described in the Policy.
5. The duration of the processing shall correspond to the duration of the Services provided under the Agreement, and, where applicable, for the period necessary to complete a given support request, unless applicable law requires longer retention.
6. The processing concerns the following categories of data subjects: employees, contractors, collaborators, or other representatives of the Controller, as well as end users whose data may be included in logs, configurations, or other materials provided by the Controller in connection with a support request.
7. The categories of personal data processed may include, in particular: identification data, contact data, system and device data (including logs), configuration data, and any other data provided by the Controller in connection with the provision of the Services.
8. The nature of the processing may include: access, collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, restriction, erasure, or destruction, solely to the extent necessary for the performance of the Services.
9. Processor shall ensure that persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
10. Processor shall implement appropriate technical and organizational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk to the rights and freedoms of natural persons.
11. Taking into account the nature of the processing, Processor shall assist the Controller, insofar as possible, by appropriate technical and organizational measures, in fulfilling the Controller’s obligation to respond to requests for exercising data subject rights under the GDPR.
12. Taking into account the nature of the processing and the information available to Processor, Processor shall assist the Controller in ensuring compliance with obligations pursuant to Articles 32–36 of the GDPR.
13. In the event of a personal data breach, Processor shall notify the Controller without undue delay, no later than 48 hours after becoming aware of the breach, via the contact details associated with the Controller’s account or otherwise provided under the Agreement.
14. The Controller grants Processor a general authorization to engage sub-processors. A current list of sub-processors is set out in the Supplement to this DPA. Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object to such changes within 14 days. An objection may result in termination of the Agreement in accordance with its terms.
15. Where Processor engages a sub-processor, it shall impose on that sub-processor, by way of a contract or other legal act, the same data protection obligations as set out in this DPA.
16. Upon termination of the Services, Processor shall, at the choice of the Controller, delete or return all personal data and delete existing copies, unless applicable law requires storage. In the absence of a specific instruction from the Controller, data shall be deleted within 3 years from the completion of the relevant support activity.
17. Processor shall make available to the Controller all information necessary to demonstrate compliance with Article 28 of the GDPR and shall allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, subject to prior agreement on scope, timing, and confidentiality obligations.
18. Matters not regulated by this DPA shall be governed by the GDPR, applicable Polish law, and the Agreement, including the Policy.
19. This DPA shall enter into force upon the commencement of the Services and shall form an integral part of the Agreement.

Supplement to the Data Processing Agreement

 List of Sub-processors