PERSONAL DATA PROCESSING AGREEMENT
Introduction
This Personal Data Processing Agreement (“Agreement”) applies to all products and services delivered by Demoable (“Demoable”) to the Customer agreeing to these terms (“Customer”) from time to time.
The purpose of this Agreement is to establish the principles governing the privacy and data protection of the Customer’s Personal Data processed through Demoable’s services. This Agreement constitutes a written contract under the EU General Data Protection Regulation (2016/679) ("GDPR") regarding the processing of personal data.
If the terms in this Agreement conflict with other agreements between the parties, this Agreement shall prevail regarding personal data processing matters.
Definitions
In accordance with the GDPR:
- "Controller" means the Customer or its client, who determines the purposes and means of processing Personal Data.
- "Processor" means Demoable, which processes Personal Data on behalf of the Controller.
- "Processing" means any operation or set of operations performed on Personal Data, whether automated or manual, such as collection, recording, storage, use, disclosure, or deletion.
- "Personal Data" refers to any information relating to an identified or identifiable natural person ("Data Subject").
- "Personal Data Breach" means a security breach leading to accidental or unlawful destruction, loss, alteration, or unauthorized access to Personal Data.
Data Protection and Processing of Personal Data
Obligations of Demoable and the Customer
Demoable processes Personal Data solely on behalf of the Customer and only as instructed in writing. The Controller is responsible for having a lawful basis for data processing, obtaining necessary consents, and providing Data Subjects with required notices. The Customer ensures the accuracy and lawfulness of the data it provides.
The Customer defines the purpose and scope of the data processing. The types of Personal Data, Data Subjects, and specific processing purposes are outlined in the relevant service descriptions and Annex 1.
Demoable will:
- Process Personal Data only per this Agreement and written Customer instructions.
- Notify the Customer of any conflict between its instructions and applicable data protection laws.
- Maintain records of processing activities as required by the GDPR.
- Use collected data solely for service provision and improvements, in anonymized and aggregated form when applicable.
Deletion or Returning of Data
Upon termination of the Agreement, Demoable will, based on the Customer’s written instructions, either return or delete all Personal Data and any copies unless retention is required by law.
Subcontractors
Demoable may engage subcontractors to assist in data processing. Demoable remains fully responsible for its subcontractors’ compliance with this Agreement and GDPR obligations. Demoable will enter into written agreements with all subcontractors and will inform the Customer of any subcontractors involved in processing Personal Data as described in Annex 1.
PROCESSING SPECIFICATION FORM (ANNEX 1)
Details regarding categories of data, processing purposes, and subcontractors used will be specified in a separate annex to this Agreement.