Data Processing Agreement

1. Subject and Duration of Processing

This Data Processing Agreement (DPA) governs the rights and obligations related to the processing of personal data by CollideX GmbH as a processor within the meaning of Art. 28 GDPR. The duration of processing corresponds to the term of the main contract.

2. Nature and Purpose of Processing

The processing of personal data is carried out exclusively within the scope of the contractually agreed services of the CollideX Connect platform. This includes the storage, organization, and provision of data within the platform services.

3. Types of Personal Data

The subject of processing includes: contact data (name, email, phone), platform usage data, company data, and any additional data entered by the controller into the platform.

4. Technical and Organizational Measures

CollideX GmbH ensures appropriate technical and organizational measures pursuant to Art. 32 GDPR. These include: encryption of data transmission (TLS), access control, regular security audits, hosting in German Tier 3+ data centers, and role-based permission systems.

5. Sub-processors

Sub-processors are only engaged with the prior written consent of the controller. CollideX GmbH ensures that sub-processors are subject to the same data protection obligations.

6. Rights of Data Subjects

CollideX GmbH supports the controller in fulfilling the rights of data subjects (access, rectification, erasure, restriction, data portability) pursuant to Art. 12–23 GDPR.

7. Deletion and Return of Data

Upon termination of the main contract, all personal data will be deleted or returned at the controller's choice, unless there is a legal retention obligation.