Art. 28 GDPR / DPA
DPA / Data Processing Agreement
This document describes commissioned processing for OpenDucks IT services. Roles, services, TOMs, subprocessors and annexes should be reviewed and adapted where required for the specific engagement.
1. Subject Matter
The DPA governs the processing of personal data by OpenDucks IT as processor in connection with agreed IT, hosting, support, software or managed-service work.
2. Nature and Purpose
Typical purposes include provisioning, operation, security, maintenance, troubleshooting, backup, monitoring and support of the commissioned services.
3. Data and Data Subjects
Depending on the service, contact, access, communication, contract, billing, usage, log, content and support data may be involved. Data subjects may include customers, employees, users, administrators and communication partners.
4. Obligations and Instructions
OpenDucks IT processes personal data only on documented instructions, maintains confidentiality and supports the controller within the scope required by law.
5. TOMs and Subprocessors
Appropriate technical and organisational measures as well as any subprocessors should be documented in annexes and kept up to date.
6. Return and Deletion
After the end of the service, personal data is deleted or returned according to instructions unless legal retention duties or legitimate evidence and security reasons apply.
Last updated: 2026-05-02 - Version 1.0.