Data Processing.

1. Purpose

This Data Processing Agreement (DPA) describes how True North GmbH (“Processor”) handles personal data on behalf of its clients (“Controller”) in accordance with GDPR Article 28 while providing web design and related services.

2. Subject Matter and Duration

  • Subject Matter: Processing personal data provided by the Controller in connection with web design services, including website forms, client emails, analytics, and related project data.

  • Duration: The Processor will process personal data only for the duration of the service contract and will delete or return all personal data after contract termination unless legally required to retain it.

3. Nature and Purpose of Processing

  • The Processor provides web design services, hosting, content updates, and analytics.

  • Personal data is processed solely to perform the services under the contract.

4. Type of Personal Data

  • Name, email address, phone number

  • IP addresses collected via website forms or analytics

  • Any other data necessary for project delivery as provided by the Controller

5. Categories of Data Subjects

  • Controller’s customers, website visitors, or other individuals whose data is provided to the Processor for project purposes.

6. Processor Obligations

The Processor agrees to:

  1. Process data only on documented instructions from the Controller.

  2. Implement appropriate technical and organizational measures to ensure data security (encryption, access controls, backups).

  3. Ensure confidentiality of all personal data.

  4. Assist the Controller in fulfilling data subject rights (access, correction, deletion, portability).

7. Use of Subprocessors

  • The Processor may use third-party services (hosting, analytics, email delivery) to perform the contract.

  • The Processor ensures these subprocessors are GDPR-compliant and bound by equivalent data protection obligations.

8. Data Breach Notification

  • The Processor will notify the Controller without undue delay in case of any personal data breach.

  • Notification will include relevant information to allow the Controller to meet GDPR obligations.

9. Data Return or Deletion

  • Upon termination of services, the Processor will return or securely delete all personal data processed on behalf of the Controller.

10. Governing Law

  • This agreement is governed by German law, in line with GDPR compliance.

11. Reference Note

This is a sample Data Processing Agreement for reference purposes only.
The actual DPA is executed with each client individually as part of the service contract to ensure full compliance with GDPR.

For more information, please also review our:

  • Privacy Policy

  • Terms & Conditions