Free Form Builder: Tables, Logic, Sheets

Zapof

SCC Annexes for Borneosoft Services


This document provides a summary of the Standard Contractual Clauses (SCCs) that govern the transfer of personal data from the European Economic Area (EEA) to our Australian-based support team. These clauses ensure that personal data remains protected in accordance with the principles of the GDPR, even when it is accessed in a third country.

For the purpose of these SCCs, the following roles apply:

  • Data Exporter: You, as our customer, are the Data Exporter. You are the Data Controller for the data you input into our service and are responsible for ensuring its lawfulness.
  • Data Importer: Borneosoft Pty Ltd is the Data Importer. We are the Data Processor for your data and are bound by these clauses to process your data only on your instructions and with the specified safeguards in place.

Annex I: List of Parties

The EU General Data Protection Regulation ("GDPR") is a comprehensive privacy law that came into effect on May 25, 2018. It provides individuals in the European Union (EU) with enhanced rights and control over their personal data.


Data Exporter:

  • Name: Our Customer (as identified in the Borneosoft Terms of Service and Data Processing Agreement)
  • Address: As per customer account details
  • Contact Person: As per customer account details
  • Role: Data Controller

Data Importer:

  • Name: Borneosoft Pty Ltd
  • Contact Person: Privacy Officer
  • Contact Details: dpo@zapof.com
  • Role: Data Processor


Annex II: Description of the Processing

  • Categories of Data Subjects: Individuals whose personal data is processed by the Data Exporter through the Borneosoft platform. This may include end-users, employees, or customers of the Data Exporter.
  • Categories of Personal Data: Any personal data that the Data Exporter chooses to process using the Borneosoft platform.
  • Processing Operations: Collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.
  • Purpose of the Data Transfer: The Data Importer (Borneosoft) will access the Data Exporter's data for the sole purpose of providing technical support, maintenance, and troubleshooting as requested by the Data Exporter.
  • Period of Processing: Personal data is processed for the duration of the customer's subscription to the Borneosoft services and is retained in accordance with the terms of the Data Processing Agreement.

Annex III: Technical and Organisational Measures

Borneosoft has implemented a range of security measures to protect the integrity and confidentiality of the personal data we process. These measures include:

Physical and Environmental Security:

  • Our primary data servers are hosted in secure, ISO 27001-certified data centers located in Canada, which has an adequacy decision from the European Commission.
  • Physical access to our data centers is restricted to authorized personnel and is monitored 24/7.

System and Network Security:

  • All data is protected using an encrypted transport protocol (TLS 1.3 or higher) with modern cryptographic standards.
  • We use firewalls and network security measures to protect against unauthorized access.

Access Control and Authorization:

  • Access to customer data by our support team is granted on a "need-to-know" basis and is strictly controlled.
  • We maintain comprehensive access logs and conduct regular reviews to ensure compliance.

Data Retention and Deletion:

  • Data is retained only for as long as necessary to provide the service or as required by law.
  • When a user requests deletion, we remove the data from our live database and initiate a process to purge it from our systems. We aim to complete all erasures, including the removal of data from all backups and logs, within 30 days.

Incident Management:

  • We have an established data breach response plan that includes procedures for internal reporting, communication with affected customers, and notification to supervisory authorities where required by law.



PRODUCT & FEATURES


Form Builder

Questions and Web Elements Library

Table and Spreadsheet

Conditional Logic

Payment Forms

Choice of Payment Methods

Recurring and Conditional Payment

Discount Voucher

Save and Resume

Email Notification

Downloadable Receipt

Responsive Design

Multi-tabs Forms

Reusable Forms

No-duplicate Submissions

Royalty Free Fonts and Images

CAPTCHA Protection

RESOURCES


Form Templates

Pricing

FAQ

How-to Guide

Getting Started

Help Center

Blog

Zapof Functions

Choosing Stripe or PayPal

GDPR

Notice And Take Down Policy

COMPANY


About

Contact Us




Terms | Privacy | Spam Policy

© 2026 Zapof

This page is protected by Google reCAPTCHA. Privacy - Terms.
 
Built using Zapof