Data Processing Agreement
Data Processing Agreement (DPA)
Last Updated: September 26, 2025
In accordance with Art. 28 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
between
The Customer
(hereinafter referred to as the “Controller”)
and
Kernfamilie UG (haftungsbeschränkt)
Klosterstr. 10,
38889 Blankenburg (Harz),
Germany
(hereinafter referred to as the “Processor” or “SafeChats”)
(Controller and Processor hereinafter jointly referred to as the “Parties”)
Preamble
1: Subject Matter, Duration, Nature, and Purpose of the Processing
2: Type of Data and Categories of Data Subjects
3: Rights and Obligations of the Controller
4: Obligations of the Processor
5: Technical and Organisational Measures (TOMs)
6: Use of Sub-processors
7: Support Obligations of the Processor
8: Rights of Audit and Inspection
9: Deletion and Return of Data
10: Liability
11: Final Provisions
Appendix 1
Technical and Organisational Measures (TOMs)
The Processor has implemented the following measures to protect the Controller's personal data:
1. Confidentiality (Art. 32(1)(b) GDPR)
2. Integrity (Art. 32(1)(b) GDPR)
3. Availability and Resilience (Art. 32(1)(b) GDPR)
4. Procedures for Regular Testing, Assessing and Evaluating (Art. 32(1)(d) GDPR)
Appendix 2
Approved Sub-processors
Register of Approved Sub-processors
Data Processing Agreement (DPA)