DPA template under GDPR Art. 28

Whenever personal data is processed on behalf of a customer, a data-processing agreement (DPA) under GDPR Art. 28 is concluded. SIMO GmbH provides a standardised template that is individualised per customer (counterparty, processing purposes, subprocessor selection).

What does the DPA cover?

• Subject matter, duration, nature and purpose of processing (Art. 28 (3) (a)).
• Types of personal data and categories of data subjects.
• Obligations and rights of the controller.
• Technical and organizational measures (TOMs) as Annex 2.
• Subprocessor list (approved processors) as Annex 3.
• EU SCC 2021/914 as Annex 4 where third-country transfers apply.
• Provisions on inspection, audit and information rights.

How to obtain

The individualised DPA template is provided as a PDF on request. Please include in the request:

• Counterparty (company, legal form, address, authorised signatory).
• Intended processing scope (which SIMOSphere AI surfaces, which categories of data).
• Subprocessor opt-ins (Tavily? Microsoft Graph? Stripe?).

Request DPA template

Note: a directly downloadable, unsigned PDF version will be added in one of the upcoming waves.

References

• Current subprocessor list (Annex 3)
• Privacy policy
• ← Back to compliance overview