Data Processing Agreement

This DPA applies when Bitsapiens processes personal data on behalf of a client in the context of contracted services.

The client acts as controller and Bitsapiens as processor, unless otherwise agreed in writing.

Bitsapiens will process personal data only according to documented client instructions and for purposes related to the services.

Data categories, data subjects, duration and processing operations should be described in the applicable proposal, contract or annex.

Bitsapiens applies appropriate technical and organisational measures, including access control, confidentiality, minimisation, backups where applicable and operational security practices.

Bitsapiens may use sub-processors needed for hosting, email, productivity, consented analytics and technical services.

Bitsapiens will ensure relevant sub-processors are subject to appropriate data protection obligations.

Bitsapiens will support the client with data subject requests and notify relevant security incidents without undue delay.

At the end of services, personal data will be returned, deleted or anonymised according to client instruction and applicable legal obligations.