Data Processing Agreement

Data Processing Agreement (DPA)

Last Updated: September 26, 2025

In accordance with Art. 28 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)

between

The Customer
(hereinafter referred to as the “Controller”)

and

Kernfamilie UG (haftungsbeschränkt)
Klosterstr. 10,
38889 Blankenburg (Harz),
Germany
(hereinafter referred to as the “Processor” or “SafeChats”)

(Controller and Processor hereinafter jointly referred to as the “Parties”)

Preamble
Preamble
Preamble
1: Subject Matter, Duration, Nature, and Purpose of the Processing
1: Subject Matter, Duration, Nature, and Purpose of the Processing
1: Subject Matter, Duration, Nature, and Purpose of the Processing
2: Type of Data and Categories of Data Subjects
2: Type of Data and Categories of Data Subjects
2: Type of Data and Categories of Data Subjects
3: Rights and Obligations of the Controller
3: Rights and Obligations of the Controller
3: Rights and Obligations of the Controller
4: Obligations of the Processor
4: Obligations of the Processor
4: Obligations of the Processor
5: Technical and Organisational Measures (TOMs)
5: Technical and Organisational Measures (TOMs)
5: Technical and Organisational Measures (TOMs)
6: Use of Sub-processors
6: Use of Sub-processors
6: Use of Sub-processors
7: Support Obligations of the Processor
7: Support Obligations of the Processor
7: Support Obligations of the Processor
8: Rights of Audit and Inspection
8: Rights of Audit and Inspection
8: Rights of Audit and Inspection
9: Deletion and Return of Data
9: Deletion and Return of Data
9: Deletion and Return of Data
10: Liability
10: Liability
10: Liability
11: Final Provisions
11: Final Provisions
11: Final Provisions

Appendix 1

Appendix 1

Technical and Organisational Measures (TOMs)

The Processor has implemented the following measures to protect the Controller's personal data:

1. Confidentiality (Art. 32(1)(b) GDPR)
1. Confidentiality (Art. 32(1)(b) GDPR)
1. Confidentiality (Art. 32(1)(b) GDPR)
2. Integrity (Art. 32(1)(b) GDPR)
2. Integrity (Art. 32(1)(b) GDPR)
2. Integrity (Art. 32(1)(b) GDPR)
3. Availability and Resilience (Art. 32(1)(b) GDPR)
3. Availability and Resilience (Art. 32(1)(b) GDPR)
3. Availability and Resilience (Art. 32(1)(b) GDPR)
4. Procedures for Regular Testing, Assessing and Evaluating (Art. 32(1)(d) GDPR)
4. Procedures for Regular Testing, Assessing and Evaluating (Art. 32(1)(d) GDPR)
4. Procedures for Regular Testing, Assessing and Evaluating (Art. 32(1)(d) GDPR)

Appendix 2

Appendix 2

Approved Sub-processors

Register of Approved Sub-processors
Register of Approved Sub-processors
Register of Approved Sub-processors

Ready to Activate Your Company's Brain?

Join leading European businesses building a secure, intelligent future with their own data.

Book a Strategy Call

Try SafeChats for Free

Ready to Activate Your Company's Brain?

Join leading European businesses building a secure, intelligent future with their own data.

Book a Strategy Call

Try SafeChats for Free

Ready to Activate Your Company's Brain?

Join leading European businesses building a secure, intelligent future with their own data.

Book a Strategy Call

Try SafeChats for Free

Data Processing Agreement (DPA)