Data Processing Agreement

Between the User and Multiapps SL Effective Date: March 26, 2025

This Data Processing Agreement (“Agreement”) sets out the terms under which personal data is processed on behalf of the user (“Controller”) by Multiapps SL (“Processor”), the developer of the Meal Planner app. This document ensures compliance with Article 28(3) and (4) of the GDPR.

SECTION I – GENERAL TERMS

Clause 1 – Scope and Purpose

1.1 This Agreement outlines how personal data is handled when using Meal Planner, in line with the GDPR. 1.2 It applies to all processing activities performed by Multiapps SL as described in Annex II. 1.3 All Annexes form an integral part of this Agreement. 1.4 This Agreement does not override other GDPR requirements or rules on international transfers.

Clause 2 – Amendments

2.1 These Clauses may not be modified, except to update the Annexes with relevant information. 2.2 The Agreement may be included within a broader set of terms, as long as its legal protections remain intact.

Clause 3 – Interpretation

3.1 Terms defined in the GDPR have the same meaning here. 3.2 This Agreement must be interpreted to be consistent with the GDPR. 3.3 No part of this Agreement shall contradict or reduce data subjects’ rights under the GDPR.

Clause 4 – Precedence

In the event of any conflict between this Agreement and other related contracts, this Agreement shall prevail.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 5 – Processing Overview

The types of data and purposes of processing are described in Annex II.

Clause 6 – Responsibilities

6.1 Instructions

  • Multiapps SL only processes personal data based on written instructions from the user unless otherwise required by law.
  • We will notify users if any instruction appears to violate GDPR.

6.2 Purpose Limitation

Data is only processed for the purposes defined in Annex II unless additional consent is given.

6.3 Duration

Processing continues for as long as the user uses the app or until data is deleted as per Annex II.

6.4 Security Measures

  • We apply technical and organizational safeguards as listed in Annex III.
  • Only authorized personnel have access to personal data and are bound by confidentiality.

6.5 Special Categories of Data

If sensitive data is involved (e.g. health or dietary info), additional protections are applied.

6.6 Accountability

  • We maintain records and will provide documentation on request.
  • We support audits if needed.
  • All findings and compliance info will be available to supervisory authorities upon request.

6.7 Sub-Processors

  • We may use approved sub-processors (listed in Annex IV).
  • Users will be notified of any changes.
  • Sub-processors are bound by the same obligations and protections.
  • Multiapps SL remains liable for their compliance.

6.8 Data Transfers

  • We follow GDPR rules when transferring data outside the EU.
  • Standard Contractual Clauses will be used when necessary.

Clause 7 – Support to Users

  • We will inform users of any data subject request we receive.
  • We assist users in fulfilling their GDPR obligations, including handling data requests and conducting data protection impact assessments.

Clause 8 – Data Breach Notifications

If a data breach occurs, we will:

  • Notify the user without undue delay.
  • Provide all relevant details (scope, impact, actions taken).
  • Support the user in meeting their obligations under Articles 33 and 34 of the GDPR.

SECTION III – TERMINATION

Clause 9 – Non-Compliance and Exit

9.1 If Multiapps SL violates this Agreement, the user may suspend data processing or terminate the contract.

9.2 Termination is possible if:

  • The breach is not resolved in a timely manner.
  • There is persistent non-compliance with GDPR.
  • A regulatory decision is ignored.

9.3 Multiapps SL may also terminate if complying with the user’s instructions would breach the law.

9.4 Upon termination:

  • Users can request deletion or return of all personal data.
  • We’ll comply unless retention is legally required.
  • Until deletion, all safeguards remain in place.

APPENDIX I – Parties

Controller: You, the user of the Meal Planner app Processor: Multiapps SL, Avenida Aeroporto núm. 686 Bj, (36318), Spain

APPENDIX II – Processing Details

Data Subjects

Users of the Meal Planner app.

Personal Data

  • Notes and text entered by the user
  • Photos from the device’s camera or gallery
  • Login details (email address)
  • App usage data
  • Optionally, sensitive dietary or health-related information

Purposes

  • Enabling app functionality (saving and syncing data)
  • Providing AI features (in development)
  • Anonymized analytics
  • Diagnostics and user support

Duration

Data is processed as long as the user maintains an account or stores data locally. Data can be deleted by the user at any time.

APPENDIX III – Security Measures

  • Local data stored securely on the device
  • Parse Server with controlled access for cloud sync
  • Firebase Analytics: anonymized data collection
  • Encrypted transmission (TLS)
  • Access controls and authentication
  • Limited employee access under confidentiality agreements
  • Backup and recovery procedures
  • AI usage is optional and clearly marked

APPENDIX IV – Sub-Processors

  • Parse Server (Self-hosted): Data storage and synchronization
  • Firebase (Google LLC): Analytics and diagnostics
  • OpenAI: (Under development, for AI features – only if enabled by the user)

If you have any questions about this agreement or your data, feel free to contact our team.