{"id":11290,"date":"2024-06-19T15:23:24","date_gmt":"2024-06-19T13:23:24","guid":{"rendered":"https:\/\/webbforvaltning66619632b6dae.cloud.bunnyroute.com\/?page_id=11290"},"modified":"2026-04-20T18:04:22","modified_gmt":"2026-04-20T17:04:22","slug":"dpa","status":"publish","type":"page","link":"https:\/\/conlumina.reviews\/de\/dpa\/","title":{"rendered":"Datenverarbeitungsvertrag (DPA)"},"content":{"rendered":"<h2>1. Roles and Scope<\/h2>\n<p>The Controller acts as the data controller and the Processor acts as the data processor within the meaning of the GDPR.<\/p>\n<p>The Processor shall process personal data solely on behalf of the Controller and in accordance with the Controller\u2019s documented instructions, as defined in this Agreement, the applicable Terms of Service, and the Controller\u2019s use and configuration of the service.<\/p>\n<h2>2. Scope of Processing<\/h2>\n<p>The Processor processes personal data to provide the Conlumina Reviews service. This includes:<\/p>\n<ul>\n<li>Importing customer data provided by the Controller<\/li>\n<li>Sending review invitations via email or other communication channels as configured by the Controller<\/li>\n<li>Managing and storing review responses<\/li>\n<li>Providing tools for moderation, response, and publication of reviews<\/li>\n<li>Aggregating and presenting review data within the platform<\/li>\n<\/ul>\n<p>The Processor does not use personal data for its own purposes and does not independently determine the purposes or means of processing beyond what is necessary to provide the service.<\/p>\n<h2>3. Instructions<\/h2>\n<p>The Controller instructs the Processor to process personal data in order to provide the service. Such instructions include, but are not limited to:<\/p>\n<ul>\n<li>Uploading or synchronising customer data<\/li>\n<li>Configuring communication workflows and triggers<\/li>\n<li>Defining recipients and timing of review invitations<\/li>\n<li>Managing and responding to reviews<\/li>\n<\/ul>\n<p>The Controller may provide additional documented instructions. The Processor shall inform the Controller if an instruction, in its opinion, infringes applicable law.<\/p>\n<h2>4. Legal Basis<\/h2>\n<p>The Controller is solely responsible for ensuring that a valid legal basis exists for the processing of personal data, including any communication sent via the service (e.g. review invitations), in accordance with applicable data protection and electronic communications laws.<\/p>\n<p>The Processor does not determine the legal basis for processing and acts only on behalf of the Controller.<\/p>\n<h2>5. Confidentiality<\/h2>\n<p>The Processor shall ensure that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.<\/p>\n<h2>6. Security Measures<\/h2>\n<p>The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including but not limited to:<\/p>\n<ul>\n<li>Encryption of data in transit<\/li>\n<li>Access control and authentication mechanisms<\/li>\n<li>Restriction of access to personal data<\/li>\n<li>Regular system updates and monitoring<\/li>\n<\/ul>\n<p>Further details are described in Appendix 1.<\/p>\n<h2>7. Sub-processors<\/h2>\n<p>The Processor may engage sub-processors to provide parts of the service, including providers of hosting, infrastructure, communication delivery, and analytics services.<\/p>\n<p>The Processor shall ensure that sub-processors are bound by data protection obligations equivalent to those set out in this Agreement.<\/p>\n<p>A current list of sub-processors is available upon request or at: [INSERT URL].<\/p>\n<p>The Controller may object to the use of a new sub-processor on reasonable data protection grounds.<\/p>\n<h2>8. Assistance to the Controller<\/h2>\n<p>The Processor shall assist the Controller, taking into account the nature of the processing, in fulfilling its obligations under applicable data protection law, including:<\/p>\n<ul>\n<li>Responding to data subject requests<\/li>\n<li>Ensuring compliance with security obligations<\/li>\n<li>Supporting data protection impact assessments where required<\/li>\n<\/ul>\n<h2>9. Personal Data Breaches<\/h2>\n<p>The Processor shall notify the Controller without undue delay and, where feasible, within 24 hours after becoming aware of a personal data breach.<\/p>\n<h2>10. International Transfers<\/h2>\n<p>The Processor shall not transfer personal data outside the EU\/EEA unless appropriate safeguards are in place in accordance with applicable law.<\/p>\n<h2>11. Data Retention and Deletion<\/h2>\n<p>Upon termination of the service, the Processor shall, at the choice of the Controller, delete or return all personal data, unless retention is required by applicable law.<\/p>\n<p>Unless otherwise agreed, personal data shall be deleted within 30 days after termination of the service.<\/p>\n<h2>12. Audits<\/h2>\n<p>The Controller may request information necessary to demonstrate compliance with this Agreement. Any audits shall be carried out with reasonable notice and without disrupting the Processor\u2019s operations.<\/p>\n<h2>13. Term and Termination<\/h2>\n<p>This Agreement remains in effect for as long as the Processor processes personal data on behalf of the Controller.<\/p>\n<h2>Appendix 1 \u2013 Description of Processing<\/h2>\n<h3>Categories of data subjects<\/h3>\n<ul>\n<li>Customers or clients of the Controller<\/li>\n<\/ul>\n<h3>Types of personal data<\/h3>\n<ul>\n<li>Name<\/li>\n<li>Email address<\/li>\n<li>Phone number (if provided)<\/li>\n<li>Review content and responses<\/li>\n<li>Metadata related to communication and interaction (e.g. timestamps, delivery status)<\/li>\n<\/ul>\n<h3>Purpose of processing<\/h3>\n<ul>\n<li>Sending review invitations<\/li>\n<li>Collecting and managing customer reviews<\/li>\n<li>Providing analytics and insights related to reviews<\/li>\n<li>Enabling publication and moderation of reviews<\/li>\n<\/ul>\n<h3>Nature of processing<\/h3>\n<ul>\n<li>Collection, storage, organisation, and structuring of data<\/li>\n<li>Transmission (e.g. sending communications)<\/li>\n<li>Retrieval and use within the platform<\/li>\n<li>Deletion upon instruction or termination<\/li>\n<\/ul>\n<h3>Duration of processing<\/h3>\n<ul>\n<li>For the duration of the service agreement and until deletion in accordance with Section 11<\/li>\n<\/ul>\n<h3>Security measures<\/h3>\n<ul>\n<li>Encryption in transit (HTTPS)<\/li>\n<li>Access control and role-based permissions<\/li>\n<li>Limitation of access to authorised personnel only<\/li>\n<li>Monitoring and logging of system activity<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Diese Datenverarbeitungsvereinbarung (\u201cVereinbarung\u201d) ist Bestandteil der Vereinbarung zwischen Conlumina Digital (\u201cAuftragsverarbeiter\u201d) und dem Kunden (\u201cAuftraggeber\u201d) \u00fcber die Nutzung des Conlumina Reviews-Dienstes.<\/p>","protected":false},"author":18,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"slim_seo":{"title":"Data Processing Agreement (DPA) - Conlumina Reviews","description":"Diese Datenverarbeitungsvereinbarung (\u201cVereinbarung\u201d) ist Bestandteil der Vereinbarung zwischen Conlumina Digital (\u201cAuftragsverarbeiter\u201d) und dem Kunden (\u201cAuftraggeber\u201d) bez\u00fcglich der u"},"footnotes":""},"class_list":["post-11290","page","type-page","status-publish","hentry"],"meta_box":{"ticker_image":[],"display_title":"","faq_heading":"","faq_intro":"","cl_accordion_items":[],"features_eyebrow":"","features_title":"","features_intro":"","services_title":"","services_intro":"","services_group":[],"costs_title":"","costs_paragraphs":[],"price_table":[],"video_url":""},"_links":{"self":[{"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/pages\/11290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/comments?post=11290"}],"version-history":[{"count":8,"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/pages\/11290\/revisions"}],"predecessor-version":[{"id":11569,"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/pages\/11290\/revisions\/11569"}],"wp:attachment":[{"href":"https:\/\/conlumina.reviews\/de\/wp-json\/wp\/v2\/media?parent=11290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}