Sign in
Register

Data Processing Agreement

Data Processing Agreement (DPA)
Last updated: 21. 3. 2026

This Data Processing Agreement (“DPA”) forms part of the Terms and Conditions between Adspire d.o.o. (“Processor”) and the customer (“Controller”).

This DPA governs the processing of personal data by the Processor on behalf of the Controller in connection with the use of the Service.

1. Definitions

  • Controller: the entity that determines the purposes and means of processing personal data

  • Processor: Adspire d.o.o., processing personal data on behalf of the Controller

  • Personal Data: any information relating to an identified or identifiable individual

  • Processing: any operation performed on personal data

All terms shall have the meaning given under the GDPR.

2. Subject Matter and Duration

The Processor will process personal data solely for the purpose of providing the Service to the Controller.

Processing will continue for the duration of the Controller’s use of the Service, unless otherwise required by law.

3. Nature and Purpose of Processing

Processing includes:

  • Hosting and storing data

  • Organizing and analyzing marketing data

  • Providing automation and optimization features

  • Customer support and technical maintenance

4. Types of Personal Data

Depending on the Controller’s use of the Service, personal data may include:

  • Names and contact details

  • Email addresses

  • Marketing and engagement data

  • Technical data (IP address, device data)

5. Categories of Data Subjects

  • Customers and users of the Controller

  • Website visitors

  • Marketing leads and contacts

6. Obligations of the Processor

The Processor shall:

  • Process personal data only on documented instructions from the Controller

  • Ensure confidentiality of authorized personnel

  • Implement appropriate technical and organizational security measures

  • Assist the Controller in fulfilling its GDPR obligations (e.g., data subject rights, breach notifications)

  • Notify the Controller without undue delay of any personal data breach

7. Subprocessors

The Controller authorizes the Processor to engage subprocessors, including:

  • Hetzner Online GmbH (hosting infrastructure)

The Processor shall:

  • Ensure subprocessors are bound by data protection obligations

  • Remain responsible for their performance

The Processor will inform the Controller of any intended changes to subprocessors.

8. International Transfers

Where personal data is transferred outside the EEA, the Processor ensures appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)

  • Transfers to countries with adequacy decisions

9. Security Measures

The Processor implements appropriate technical and organizational measures, including:

  • Secure EU-based hosting

  • Encryption in transit

  • Access controls and authentication

  • Monitoring and system security practices

10. Data Subject Rights

The Processor shall assist the Controller in responding to requests from data subjects, including:

  • Access, rectification, and deletion

  • Restriction or objection to processing

  • Data portability

11. Data Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.

12. Data Deletion or Return

Upon termination of the Service, the Processor shall:

  • Delete or return personal data, at the Controller’s choice

  • Retain data only where required by law

13. Audit Rights

The Controller may request reasonable information to verify compliance with this DPA.

Audits shall be limited to what is necessary and must not disrupt the Processor’s operations.

14. Liability

Liability under this DPA shall be subject to the limitations set out in the Terms and Conditions.

15. Governing Law

This DPA shall be governed by the laws of Slovenia.

16. Contact

Adspire d.o.o.
Podlehnik 9A, Slovenia
Email: [email protected]