Data Processing Agreement
Data Subjects, Personal Data Processed, Purpose of Processing, Nature of Processing and Duration of Processing
A.1 Categories of Data Subjects
-
End customers of the customer/partner
-
Employees of the customer/partner
-
Contact persons of the customer/partner
-
Personal data contained in the customer’s/partner’s customer information
A.2 Personal Data Processed
-
Contact information
-
User log data and IP addresses
A.3 Special Categories of Data (Sensitive Personal Data)
In order for the Processor to process Special Categories of Personal Data on behalf of the Controller, the Controller must list in the table below the Sensitive Personal Data that the Processor processes.
The Controller is also obliged to notify the Processor and update the table below if the information changes during the validity of this annex to the agreement.
Sensitive Personal Data
The Processor processes the following Sensitive Personal Data on behalf of the Controller:
| Category | Yes | No |
|---|---|---|
|
Race or ethnic origin, political opinion, philosophical or religious belief |
x |
|
|
Health Data |
x |
|
|
Sexual behavior and orientation |
x |
|
|
Trade union membership |
x |
|
|
Genetic or biometric data |
x |
|
|
Criminal convictions, suspicions, or charges |
x |
|
|
Children’s personal data |
x |
A.4 Purpose of Processing
The purpose of the Processor’s processing of Personal Data on behalf of the Controller is the following:
To provide services in accordance with the Agreement.
A.5 Nature of Processing
The Processor’s processing of Personal Data on behalf of the Controller mainly relates to:
Receiving, storing, recording, reporting, transferring, anonymizing, and deleting data.
A.6 Duration of Processing
The Processor processes Personal Data on behalf of the Controller for the following period:
As long as the Agreement is valid and applicable to the processing of Personal Data.
Current Sub-processors
The following sub-processors of the Processor have access to the Controller’s Personal Data (24.08.2025).
| Name | Location / Country | Legal transfer mechanism if the sub-processor has access to Personal Data outside the EU or EEA | Role in providing the service |
|---|---|---|---|
|
Google Cloud Platform |
EU |
Standard Contractual Clauses (if outside EU/EEA) |
Cloud infrastructure, storage, and computing services |
|
Mixpanel |
EU |
N/A (no transfers outside EU/EEA) or SCCs if applicable |
Analytics tool |
|
Auth0 |
EU |
N/A (no transfers outside EU/EEA) or SCCs if applicable |
User authentication tool |
|
Intercom |
EU |
N/A (no transfers outside EU/EEA) or SCCs if applicable |
Inapp chat tool |
|
Resend |
EU |
N/A (no transfers outside EU/EEA) or SCCs if applicable |
Transactional email traffic |
|
Kombo |
EU |
N/A (no transfers outside EU/EEA) or SCCs if applicable |
Integration platform for HRIS and ATS integrations. |