DATA PROCESSING AGREEMENT

Last updated: March 25, 2025

This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Data Controller") and Audiorista ApS, a company incorporated under the laws of Denmark ("Data Processor"), collectively referred to as the "Parties".

By creating an account, using our services, or otherwise agreeing to our Terms of Service, the Data Controller agrees to the terms of this DPA, which governs the processing of Personal Data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

This DPA is effective as of the date the Data Controller first uses the services provided by Audiorista and remains in force for as long as Audiorista processes Personal Data on behalf of the Data Controller.

1. Definitions

For the purposes of this Agreement, the following definitions apply:

  • "Personal Data": Any information relating to an identified or identifiable natural person as defined under Article 4(1) of the GDPR.
  • "Processing": Any operation or set of operations performed on Personal Data as defined under Article 4(2) of the GDPR.
  • "Data Subject": Any identified or identifiable natural person whose Personal Data is being processed.
  • "Supervisory Authority": The independent public authority established under GDPR responsible for monitoring compliance with data protection laws.
  • "Sub-processor": Any third party engaged by the Data Processor to Process Personal Data on behalf of the Data Controller.
  • "Standard Contractual Clauses (SCCs)": The standard clauses adopted by the European Commission to provide safeguards for data transfers outside the EEA.
  • "EEA": The European Economic Area, which includes the EU member states plus Norway, Iceland, and Liechtenstein.

2. Subject Matter and Duration

2.1. The Data Processor agrees to process Personal Data on behalf of the Data Controller strictly in accordance with the terms of this Agreement. The categories of Personal Data, the nature and purpose of processing, and the categories of Data Subjects are outlined in the Privacy Policy.

2.2. This Agreement shall remain in effect as long as the Data Processor processes Personal Data on behalf of the Data Controller, unless otherwise terminated in accordance with Section 10.

3. Data Processor’s Obligations

The Data Processor agrees to:

3.1. Processing Instructions: Process Personal Data only based on the documented instructions of the Data Controller, unless required by law, in which case the Data Processor shall notify the Data Controller.

3.2. Confidentiality: Ensure that all personnel authorized to process Personal Data have committed to confidentiality obligations or are under an appropriate statutory obligation of confidentiality.

3.3. Security Measures: Implement appropriate technical and organizational measures to ensure the security of Personal Data, including measures to protect against unauthorized access, alteration, disclosure, or destruction.

3.4. Sub-processors: Obtain the prior written consent of the Data Controller before engaging Sub-processors and ensure they adhere to the same data protection obligations under this Agreement. A list of approved Sub-processors is available on our website audiorista.com.

3.5. Data Subject Rights: Assist the Data Controller in fulfilling its obligations to respond to Data Subject requests regarding their rights under GDPR, including access, rectification, erasure, restriction, portability, and objection.

3.6. Data Breach Notification: Notify the Data Controller without undue delay, and no later than 48 hours, after becoming aware of a Personal Data breach, including all relevant details necessary for compliance with GDPR obligations.

3.7. Record-Keeping and Compliance: Maintain accurate records of data processing activities and make them available to the Data Controller or Supervisory Authorities upon request.

4. Data Controller’s Obligations

The Data Controller agrees to:

4.1. Lawful Processing: Ensure that Personal Data is collected and processed lawfully, fairly, and transparently in compliance with GDPR.

4.2. Instructions to Processor: Provide clear, documented, and lawful instructions to the Data Processor regarding the processing of Personal Data.

4.3. Data Subject Rights: Maintain the responsibility of responding to Data Subject requests while allowing the Data Processor to assist when necessary.

4.4. Supervision and Audits: Conduct periodic audits or request information regarding the Data Processor’s compliance with this Agreement.

5. International Data Transfers

5.1. Personal Data shall not be transferred outside the EEA unless the Data Processor ensures adequate protection through mechanisms such as:

  • Standard Contractual Clauses (SCCs);
  • Binding Corporate Rules (BCRs);
  • Adequacy decisions issued by the European Commission.

6. Audits and Inspections

6.1. The Data Controller has the right to audit the Data Processor’s compliance with this Agreement. Audits shall be conducted with reasonable prior notice and during business hours.

6.2. The Data Processor agrees to cooperate fully and provide all necessary information and access to demonstrate compliance.

7. Return or Deletion of Data

7.1. Upon termination of services, the Data Processor shall delete or return all Personal Data to the Data Controller, unless retention is required by law.

8. Governing Law and Jurisdiction

8.1. This Agreement shall be governed by and construed in accordance with the laws of Denmark. Any disputes arising under or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of Denmark.

9. Liability and Indemnification

9.1. The Data Processor shall indemnify and hold harmless the Data Controller against any claims, liabilities, damages, or expenses arising from the Data Processor’s breach of this Agreement.

9.2. The liability of either Party shall be subject to any limitations set forth in the underlying service agreement.

10. Termination

10.1. Either Party may terminate this Agreement upon written notice if the other Party materially breaches its obligations and fails to cure such breach within 30 days of notice.

10.2. Upon termination, the obligations of confidentiality and data protection shall continue as long as Personal Data remains in the possession of the Data Processor.

IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date.