← Resec Cloud

Data Processing Agreement

Last updated: 1 July 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Wise Solutions LG Ltd. (“Processor”, “we”) and the customer (“Controller”, “you”) and governs the processing of personal data contained in Customer Content. It reflects the requirements of Israel’s Protection of Privacy Law and, where applicable, Article 28 of the EU/UK GDPR. If there is a conflict on data-protection matters, this DPA prevails.

1. Roles and scope

You are the Controller and we are the Processor of personal data you submit for processing. We process such data only to provide the Service and on your documented instructions (including via configuration and the Terms), unless required by law.

2. Processor obligations

  1. Process personal data only on the Controller’s documented instructions.
  2. Ensure personnel are bound by confidentiality.
  3. Implement appropriate technical and organizational security measures (Annex II).
  4. Engage sub-processors only under Section 3.
  5. Taking into account the nature of processing, assist the Controller in responding to data-subject requests.
  6. Assist the Controller with security, breach notification, and impact assessments.
  7. Notify the Controller without undue delay after becoming aware of a personal-data breach affecting Customer Content.
  8. On termination, delete or return personal data (after a short grace period), except where retention is required by law.
  9. Make available information reasonably necessary to demonstrate compliance and allow for audits under Section 5.

3. Sub-processors

You authorize us to engage the sub-processors listed in Annex III and to add or replace sub-processors, provided we impose data-protection obligations no less protective than this DPA and give you reasonable notice of changes so you may object on legitimate data-protection grounds.

4. International transfers

Where processing involves transfer of personal data across borders, we rely on lawful transfer mechanisms, including the EU Standard Contractual Clauses, which are incorporated by reference where required.

5. Audits

We will make available compliance information and, on reasonable prior notice and subject to confidentiality, allow the Controller (or an independent auditor) to verify compliance, no more than once per year unless required by a supervisory authority or following a breach.

6. Liability

Each party’s liability under this DPA is subject to the limitations of liability in the Terms of Service.


Annex I — Details of processing

Subject matterCDR sanitization and managed file transfer of Customer Content
DurationFor the term of the Service plus any retention/grace period
Nature & purposeReceiving, scanning, reconstructing, transferring, and returning files; caching verdicts
Categories of data subjectsDetermined by the Controller (e.g. Controller’s employees, customers, partners whose data appears in files)
Types of personal dataAny personal data contained within the files the Controller submits; account contact data
Special categoriesOnly if the Controller chooses to submit such data; the Controller is responsible for its lawfulness

Annex II — Security measures

Annex III — Sub-processors

Sub-processorPurposeLocation
Microsoft AzureCloud hosting, storage, computeEU (North Europe) / as configured
ResecCDR sanitization engineAs deployed
ClerkAuthentication / identity (where enabled)US/EU
Microsoft EntraEnterprise SSO (where enabled)EU / as configured

Contact: privacy@wise.co.il · Wise Solutions LG Ltd., 21 Hamelachot Boulevard, Modi'in, Israel.