Skip to main content
CalionCalion

Data Processing Agreement

Last updated: 1 June 2026

This Data Processing Agreement (“DPA”) supplements the Calion Terms of Service and applies where Calion processes personal data on your behalf as a processor under the UK GDPR and EU GDPR.

1. Roles

Where you (the Customer) determine the purposes and means of processing, you are the controller and Calion is the processor. Where Calion determines those purposes (e.g. fraud prevention, our own compliance obligations), Calion is an independent controller.

2. Scope and duration

Calion processes personal data as necessary to provide the platform and any contracted services, for the duration of the relationship plus any retention period required by law.

3. Categories of data and data subjects

  • Data subjects: SME directors, beneficial owners, finance staff, end users invited.
  • Categories: identification data, business and financial data, KYC documents, usage and audit logs.

4. Sub-processors

Customer grants general authorisation to the sub-processors listed on our Sub-processors page. Calion will provide at least 14 days' notice of any new sub-processor and the Customer may object on reasonable data-protection grounds.

5. Security

Calion implements appropriate technical and organisational measures including encryption in transit and at rest, role-based access control, audit logging, MFA for privileged access, and regular vulnerability scanning. Details on the Security page.

6. International transfers

Where personal data is transferred outside the UK or EEA, the parties incorporate the EU Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum, as applicable.

7. Personal data breach

Calion will notify the Customer without undue delay (and in any case within 72 hours) after becoming aware of a personal data breach affecting the Customer's data.

8. Audit

Calion will make available the information necessary to demonstrate compliance, including third-party attestations (SOC 2 / ISO 27001 where applicable) and the right to audit on reasonable notice subject to confidentiality.

9. Signed copy

A counter-signed PDF DPA is available on request. Email legal@calion.ie.