Donate

Data Processing Agreement (DPA)

This Data Processing Agreement (“Agreement”) is entered into between:

Controller:
Kontakt Kollektiv gUG (haftungsbeschränkt)
Stockkamp 7
22607 Hamburg
Germany
Company Registration Number: HRB 181939
(Hereinafter referred to as the “Controller”)

Processor(s):

  1. GoDaddy (Website Hosting Provider)
    GoDaddy Operating Company, LLC
    2155 E GoDaddy Way
    Tempe, AZ 85284
    United States
    GoDaddy provides website hosting services for the Controller’s site, including storing and processing data collected through the website.
  2. Mailchimp (Email Marketing Provider)
    The Rocket Science Group LLC d/b/a Mailchimp
    675 Ponce de Leon Ave NE
    Suite 5000, Atlanta, GA 30308
    United States
    Mailchimp processes personal data for sending newsletters, event updates, and managing mailing lists for the Controller.
  3. Typeform (Survey/Form Collection Provider)
    Typeform SL
    Carrer Bac de Roda, 163
    Local B, 08018 Barcelona
    Spain
    Typeform is used to collect data from individuals through surveys, feedback forms, and event registration forms on behalf of the Controller.
  4. Eventbrite (Event Management Provider)
    Eventbrite, Inc.
    155 5th Street
    7th Floor, San Francisco
    CA 94103
    United States
    Eventbrite manages event registrations and ticketing for the Controller’s events, including collecting personal and payment information.

Contact Information:
Email: privacy@kontaktkollektiv.org
Website: www.kontaktkollektiv.com

Legal Representative (Vertretungsberechtigter):
Natalia Bialobrzewska

1. Subject Matter of the Agreement

The Processor agrees to process personal data on behalf of the Controller in accordance with the terms of this Agreement. The processing of personal data shall be carried out solely for the purposes defined by the Controller and specified in Annex 1 of this Agreement.

2. Duration of Processing

This Agreement shall remain in effect as long as the Processor processes personal data on behalf of the Controller or until it is terminated by either party, in accordance with the terms of this Agreement.

3. Nature and Purpose of Processing

The nature and purpose of the processing activities are described in Annex 1 of this Agreement.

4. Types of Personal Data and Categories of Data Subjects

The types of personal data processed and the categories of data subjects are defined in Annex 1 of this Agreement.

5. Obligations of the Processor

The Processor agrees to:

  • Process personal data only on the documented instructions of the Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by law.
  • Ensure that persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
  • Assist the Controller, by appropriate technical and organizational measures, in fulfilling its obligations to respond to requests from data subjects exercising their rights under the GDPR.
  • Assist the Controller in ensuring compliance with obligations under Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor.
  • Notify the Controller without undue delay after becoming aware of a personal data breach.
  • At the choice of the Controller, delete or return all personal data to the Controller after the end of the provision of services relating to processing and delete existing copies unless EU or Member State law requires storage of the personal data.
  • Make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this Agreement and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

6. Sub-Processors

The Processor shall not engage another processor (sub-processor) without prior specific or general written authorization from the Controller. Where the Processor engages a sub-processor, the same data protection obligations as set out in this Agreement shall be imposed on the sub-processor by way of a contract. The Processor shall remain fully liable to the Controller for the performance of the sub-processor’s obligations.

7. Rights of Data Subjects

Taking into account the nature of the processing, the Processor shall assist the Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller’s obligation to respond to requests for exercising the data subject’s rights under the GDPR.

8. Data Breaches

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach. The notification shall include at least the following information, where available:

  • The nature of the personal data breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned.
  • The likely consequences of the personal data breach.
  • The measures taken or proposed to be taken by the Processor to address the personal data breach.

9. Audit Rights

The Controller has the right to conduct audits or inspections of the Processor’s data processing activities, either through its own personnel or by engaging an independent auditor. The Processor shall provide all information and assistance necessary to demonstrate compliance with this Agreement and the GDPR.

10. Termination

This Agreement shall automatically terminate upon the termination or expiration of the underlying service agreement between the parties. Upon termination of this Agreement, the Processor shall cease all processing of personal data and either delete or return all personal data to the Controller, unless otherwise required by law.

11. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of Germany. Any disputes arising from or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts in Hamburg, Germany.

Annex 1 – Details of the Processing

1. Subject Matter

The Processor provides services such as website hosting, email marketing, survey collection, or event management for Kontakt Kollektiv gUG (haftungsbeschränkt), which involves the processing of personal data.

2. Duration of Processing

Processing will continue as long as the Processor provides services to the Controller, unless otherwise agreed or required by law.

3. Nature of Processing

The Processor will process personal data for the purposes of hosting, communication, event registration, data collection, and related services as requested by the Controller.

4. Purpose of Processing

The processing of personal data is necessary for website functionality, email communication, event management, surveys, and other services provided by the Processor.

5. Types of Personal Data

  • Names
  • Email addresses
  • Phone numbers
  • Payment information (for event registrations)
  • IP addresses
  • Responses to surveys and forms

6. Categories of Data Subjects

  • Website users
  • Event participants
  • Newsletter subscribers
  • Survey/form respondents

Each meaningful connection is a step towards preventing a loneliness epidemic. We make sure they are happening.

Facebook-f
Important links
Connect with us

Kontakt Kollektiv gUG (haftungsbeschränkt)
Stockkamp 7, 22607
Hamburg, Germany

© Copyright 2024 Kontakt Kollektiv. Made with love by Nordic Moon Studio.