OmniBudgets — Data Processing Addendum (DPA)

Effective date: October 16, 2025

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between the customer (“Customer”, the Controller) and JEDITOOLS DOO (“Processor”, “JEDITOOLS”, “we”, “us”) for the provision of OmniBudgets.

Capitalized terms not defined here have the meanings in the Terms or in applicable Data Protection Laws (including the GDPR and UK GDPR).

1. Subject Matter and Duration

We process Personal Data on behalf of Customer for the purpose of providing the Service. This DPA applies for the duration of the Agreement and until deletion of Personal Data in accordance with Section 10.

2. Nature and Purpose of Processing

Hosting, storage, transmission, display, and other processing necessary to provide core features, support, security, and maintenance of the Service.

3. Categories of Data and Data Subjects

4. Roles and Instructions

Customer is the Controller; JEDITOOLS is the Processor. We will process Personal Data only on documented instructions from Customer, including with regard to transfers of Personal Data to a third country, unless required by law.

5. Confidentiality

We ensure persons authorized to process Personal Data are under appropriate confidentiality obligations.

6. Security Measures

We implement appropriate technical and organizational measures, including encryption in transit, access controls, backups, role-based access, and logging, to ensure a level of security appropriate to the risk.

7. Sub-processors

Customer authorizes use of sub-processors listed at https://omnibudgets.com/sub-processors, as updated from time to time. We will impose data protection terms on sub-processors that provide at least the same level of protection as this DPA. We will notify Customer at least 30 days before adding or replacing a sub-processor; Customer may object on reasonable grounds within that period.

8. Assistance to Controller

Taking into account the nature of processing, we assist Customer by appropriate technical and organizational measures, insofar as possible, to fulfill obligations to respond to Data Subject Requests and to ensure compliance with Articles 32 to 36 GDPR.

9. Personal Data Breach

We will notify Customer without undue delay after becoming aware of a Personal Data Breach and provide information reasonably required to meet Customer’s breach notification obligations.

10. Deletion or Return

Upon termination of the Agreement, at Customer’s choice, we will delete or return Personal Data and delete existing copies within 90 days, unless retention is required by law.

11. Audits

We will make available information necessary to demonstrate compliance with this DPA and allow for and contribute to audits conducted by Customer or an auditor mandated by Customer, subject to reasonable confidentiality, security, and frequency limitations.

12. International Transfers

Where we transfer Personal Data outside the EEA/UK in absence of an adequacy decision, we will rely on appropriate safeguards such as the EU Standard Contractual Clauses (2021/914) and, where applicable, the UK International Data Transfer Addendum (IDTA).

13. Liability and Precedence

Each party’s liability under this DPA is subject to the limitations and exclusions in the Agreement. In case of conflict between this DPA and the Agreement, this DPA prevails with respect to data protection matters.

14. Governing Law and Jurisdiction

This DPA is governed by the laws of England and Wales, and the courts of England and Wales have exclusive jurisdiction.

15. Processor Identity & Contact

Processor: JEDITOOLS DOO (Reg. No. 51026004)

Address: UL. 4. JULA BB, BLOK 35-36, Podgorica, Montenegro (Crna Gora)

Websites: https://omnibudgets.comhttps://jedi.tools

Contact: jedi.tools@gmail.com

Document URL: https://omnibudgets.com/dpa