Data Processing Agreement

1. Parties

This Data Processing Agreement (“DPA”) forms an integral part of the Terms & Conditions between:

Konstante s.r.o.

Na Hrebienku 2A, 811 02 Bratislava, Slovak Republic

VAT: SK2120239176

(“Processor”)

and

The Client, as defined in the Terms & Conditions

(“Controller”)

2. Subject Matter

This DPA governs the processing of personal data by Konstante on behalf of the Client in connection with the Services described in the Agreement.

3. Roles of the Parties

  • The Client acts as the Data Controller.

  • Konstante acts as the Data Processor.

Both parties shall comply with the General Data Protection Regulation (GDPR).

4. Categories of Personal Data

Konstante may process the following categories of personal data:

  • names and contact details

  • email addresses and phone numbers

  • communication data

  • CRM and lead‑generation data

  • technical identifiers (IP address, device, browser)

  • any data uploaded or submitted by the Client

Konstante does not process special categories of data unless explicitly agreed.

5. Purpose and Nature of Processing

Konstante processes personal data solely for:

  • providing and operating the Services

  • automation, communication, and lead‑generation functions

  • platform performance and security

  • analytics and technical support

Konstante shall not process data for its own purposes.

6. Processor Obligations

Konstante shall:

  • process data only on documented instructions from the Client

  • ensure that personnel are bound by confidentiality

  • implement appropriate technical and organizational security measures

  • assist the Client with data subject requests

  • notify the Client of any personal data breach without undue delay

  • delete or return personal data upon termination of the Agreement

7. Subprocessors

Konstante may engage subprocessors to support the Services, including:

  • hosting providers

  • communication platforms

  • analytics tools

  • automation and AI infrastructure providers

Konstante ensures that all subprocessors are bound by GDPR‑compliant agreements.

A current list of subprocessors is available upon request.

8. International Transfers

If personal data is transferred outside the EEA, Konstante ensures lawful safeguards, including:

  • Standard Contractual Clauses (SCCs)

  • adequacy decisions

  • other GDPR‑approved mechanisms

9. Security Measures

Konstante implements appropriate measures, including:

  • encryption in transit and at rest

  • access control and authentication

  • secure data storage

  • monitoring and incident response

  • regular backups

10. Assistance to the Controller

Konstante shall assist the Client with:

  • responding to data subject rights requests

  • data protection impact assessments (DPIA)

  • breach notifications

  • regulatory inquiries

11. Data Breach Notification

Konstante shall notify the Client without undue delay after becoming aware of a personal data breach.

Notification will include:

  • nature of the breach

  • categories and number of data subjects

  • likely consequences

  • measures taken or proposed

12. Return or Deletion of Data

Upon termination of the Agreement, Konstante shall:

  • delete all personal data, or

  • return it to the Client upon request

unless storage is required by law.

13. Liability

Liability is governed by the Terms & Conditions.

14. Duration

This DPA remains in effect for the duration of the Agreement and as long as Konstante processes personal data on behalf of the Client.

15. Incorporation into Terms & Conditions

This DPA is automatically incorporated into the Terms & Conditions.

By accepting the Terms & Conditions, the Client also accepts this DPA.

No separate signature is required.