Data Processing Agreement - DPA - Dmany
open menu close menu
close menu
twitter icon image telegram conversation dmany
Join the Conversational Channel
twitter icon image telegram news dmany
Join the News Channel to keep updated

Data Processing Agreement – DPA

Last revised: January 01, 2024 Effective date: January 01, 2024

THIS EUROPEAN DATA PROCESSING ADDENDUM (“European DPA”) is entered into as of the ________ by and between: (1) Dmany Development UG, Im Mediapark 5, 50670 Köln; and (2) ________________________  the entity or other person who is a counterparty to the Agreement (as defined below) into which the European DPA is incorporated and forms a part (“Customer”), together the “Parties” and each a “Party”.

1. Introduction

This Agreement outlines the terms under which the Data Processor shall process personal data on behalf of the Data Controller, in compliance with the General Data Protection Regulation (GDPR). It specifies the nature, scope, context, and purpose of processing, along with the duration of processing types of personal data and categories of data subjects involved.

2. Subprocessors and audits

The Data Processor utilizes the following subprocessors to enhance security, reliability, and performance:

Amazon Web Services (AWS):

AWS incorporates Standard Contractual Clauses (SCCs) into its GDPR Data Processing Addendum, which are now part of its online Service Terms. This ensures compliance with EU data protection requirements for transferring personal data outside the European Economic Area. AWS also provides detailed commitments to data protection, including customer control over data, use of sub-processors, and measures to protect customer data against government requests. AWS’s GDPR DPA, including the implementation of new SCCs and the use of sub-processors, offers assurance for GDPR compliance.

More details can be found in AWS’s GDPR Data Processing Addendum announcement and GDPR compliance following the Schrems II ruling (link).

Google Cloud Platform (GCP):

GCP’s Data Processing Addendum details its data processing obligations and security measures. It incorporates the SCCs, ensuring lawful data transfer outside of the European Economic Area. GCP’s commitment to GDPR compliance and data protection is outlined in their Data Processing and Security Terms (link).


Cloudflare provides a Data Processing Addendum that outlines data processing, transfer, and security information. This addendum ensures Cloudflare’s services comply with GDPR requirements for data handling and transfer (link) .

Google Analytics:

Part of Google services, Google Analytics is covered under Google’s Data Processing Terms, which include provisions for GDPR compliance and data protection. This ensures that data handled by Google Analytics is processed in accordance with GDPR (link).

Brevo (for email notifications):

While specific GDPR compliance documentation for Brevo was not directly found, it’s essential for Dmany to ensure that Brevo adheres to GDPR requirements, especially regarding data protection and security measures for email communications (link). provides a Data Processing Agreement (DPA) to ensure compliance with GDPR for users of its platform. This DPA is designed to outline the responsibilities of Bubble and its customers regarding data processing and protection, incorporating Standard Contractual Clauses (SCCs) for lawful data transfer outside the EU/EEA. It covers aspects such as data processing roles, security measures, sub-processor use, and data subjects’ rights, ensuring Bubble’s commitment to data protection and compliance with GDPR requirements. For more detailed information, please visit Bubble’s DPA page at link.

Each subprocessor has been carefully selected based on their security measures and commitment to data protection.

3. Obligations of the Data Processor

The Data Processor agrees to process personal data in accordance with the conditions laid down in this Agreement, the Data Controller’s instructions, and GDPR. This includes maintaining records of processing activities as required under GDPR.

4. Data Protection

The Data Processor shall implement appropriate technical and organizational measures to ensure the security of personal data.

5. Rights of Data Subjects

The Data Processor shall assist the Data Controller in fulfilling requests from data subjects under GDPR, ensuring their rights to access, rectify, erase, or port their data are respected.

6. Subprocessor Compliance

The Data Processor ensures that all subprocessors are bound by contractual terms that require them to process personal data in accordance with the GDPR and this DPA.

7. Audit and Inspection

The Data Controller is entitled to conduct audits to verify compliance with this DPA, with the cooperation of the Data Processor.

8. Liability

The Data Processor shall be liable for the actions of its subprocessors to the extent of its control over such subprocessors.

9. Termination

Upon termination of this Agreement, the Data Processor shall, at the choice of the Data Controller, delete or return all personal data.

10. Governing Law

This Agreement shall be governed by the law of Germany, and disputes shall be resolved in the courts of Germany.

11. Data Breach Notification

The Data Processor shall notify the Data Controller without undue delay after becoming aware of a personal data breach. This notification shall include all relevant information concerning the breach as required under GDPR.

12. Data Transfer

In case of transfer of personal data to countries outside of the EEA, the Data Processor ensures compliance with GDPR through mechanisms such as Standard Contractual Clauses or adherence to an adequacy decision.

13. Cooperation and Assistance

The Data Processor shall provide necessary assistance to the Data Controller in ensuring compliance with GDPR obligations, including support in conducting data protection impact assessments and consultations with supervisory authorities.

14. Amendments and Updates

This Agreement may be amended or updated to remain compliant with changes in data protection laws or practices. Such amendments shall be agreed upon in writing between the Data Controller and Data Processor.

For the Data Processor:  

Signature: __________________________  


Date: __________________________  

For the Data Controller:  

Signature: __________________________  


Date: __________________________