Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between you (the "Controller") and HYPD Advertising Intelligence GmbH (the "Processor") and governs the processing of personal data carried out by HYPD on the Controller's behalf in connection with the HYPD services. It is concluded in accordance with Article 28 of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

1. Subject Matter and Duration

The Processor processes personal data on behalf of and under the documented instructions of the Controller solely for the purpose of providing the contractually agreed services. This DPA remains in effect for as long as the Processor processes personal data on behalf of the Controller under the main agreement.

2. Nature and Purpose of Processing

The Processor processes personal data to operate, maintain and provide the HYPD advertising-intelligence platform, including account management, campaign analysis, reporting and customer support, as further described in the main agreement.

3. Categories of Data Subjects and Personal Data

The processing concerns the categories of data subjects (e.g. the Controller's employees, customers and prospects) and the categories of personal data (e.g. contact details, account and usage data, and campaign data) that the Controller submits to or generates through the HYPD services.

4. Obligations of the Processor

The Processor undertakes to:

  • process personal data only on documented instructions from the Controller, including with regard to transfers to a third country, unless required to do so by Union or Member State law;
  • ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • implement the technical and organisational measures required under Article 32 GDPR;
  • assist the Controller, insofar as possible, in fulfilling its obligation to respond to data-subject requests;
  • assist the Controller in ensuring compliance with the obligations under Articles 32 to 36 GDPR;
  • at the choice of the Controller, delete or return all personal data after the end of the provision of services, unless storage is required by law.

5. Sub-processors

The Controller grants the Processor general authorisation to engage sub-processors. The Processor will inform the Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object. The Processor imposes data-protection obligations on its sub-processors that are no less protective than those set out in this DPA.

6. Technical and Organisational Measures

The Processor maintains appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, where appropriate, encryption, access controls, resilience of processing systems, and processes for regularly testing and evaluating the effectiveness of those measures.

7. International Transfers

Where personal data is transferred to a country outside the European Economic Area, the Processor ensures that an appropriate transfer mechanism under Chapter V GDPR is in place, such as an adequacy decision or the EU Standard Contractual Clauses.

8. Audit Rights

The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and allows for and contributes to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

9. Contact

For questions relating to this DPA or to request a countersigned copy, please contact us at privacy@hypd.ai.

Bring paid media into your AI, safely.

Join 300+ marketers who connected their stack to Claude and ChatGPT through HYPD. GDPR compliant, EU hosted, human in the loop by default.

Sign up