Data Processing Agreement (DPA)
Information about the Data Processing Agreement for enterprise customers
The Data Processing Agreement (DPA) is an essential component of GDPR compliance for enterprise customers using meinGPT.
What is a DPA?
A Data Processing Agreement is a legally binding contract between:
- Controller - Your organization, which determines the purposes and means of data processing
- Processor - meinGPT/selectcode GmbH, which processes data on your behalf
When is a DPA Required?
A DPA is required when:
- Your organization is based in the EU or processes EU citizen data
- You process personal data through meinGPT
- You need to meet legal compliance requirements
- Your company policies require it
Contents of Our DPA
Core Elements
-
Subject Matter of Processing
- Types of data processed
- Categories of data subjects
- Purpose of processing
- Duration of processing
-
Technical and Organizational Measures
- Encryption and pseudonymization
- Confidentiality and integrity
- Availability and resilience
- Regular assessment
-
Processor Obligations
- Processing only on documented instructions
- Confidentiality commitments
- Support for data subject rights
- Deletion after contract termination
-
Sub-processors
- List of approved sub-processors
- Notification of changes
- Right to object
- Liability provisions
Security Measures
Physical Security
- Access control to data centers
- System access control
- Data access control
Technical Security
- Encryption (AES-256)
- Network segmentation
- Intrusion detection
- Regular security updates
Organizational Security
- Employee training
- Confidentiality agreements
- Incident response plan
- Business continuity management
International Data Transfers
EU Standard Contractual Clauses
For data transfers outside the EU, we use:
- EU Standard Contractual Clauses (SCCs)
- Additional protective measures
- Transfer Impact Assessments
Data Localization
Options for data residency:
- EU Hosting - Data remains in the EU
- Local Deployment - On-premises installation
- Private Cloud - Dedicated infrastructure
Audit and Control
Control Rights
- Annual audit reports
- Inspection rights (by agreement)
- Certification evidence
- Penetration test reports
Compliance Evidence
- ISO 27001 certification
- SOC 2 Type II report
- TISAX conformity
- Regular data protection audits
Data Subject Rights
Support for Requests
We support you with:
- Access requests
- Rectification requests
- Deletion requests
- Data portability
- Right to object
Response Times
- Initial response: 24 hours
- Complete processing: 30 days
- Urgent requests: 48 hours
Data Breaches
Notification Obligations
- Notification within 24 hours
- Detailed report within 72 hours
- Support for authority notifications
- Documentation of all incidents
Incident Response
- Immediate containment
- Forensic analysis
- Damage limitation
- Prevention measures
Requesting a DPA
Process
- Contact our data protection team
- Submit your requirements
- Customization of standard DPA
- Legal review
- Signature
Contact
Data Protection Officer
- Email: privacy@selectcode.io
- Phone: +49 711 18 42 01 60
- Address: selectcode GmbH, Lautenschlagerstraße 20, 70173 Stuttgart
Required Information
- Company name and legal form
- Data protection officer contact details
- Types of data processed
- Special requirements
Frequently Asked Questions
Is the DPA chargeable? No, the standard DPA is free for all Enterprise customers.
Can the DPA be customized? Yes, we can make customer-specific adjustments.
How long does the process take? Usually 5-10 business days, depending on requirements.
Which languages are available? German and English, others on request.