Data Processing Agreement
Summary · Last updated 2026-05-20 · The binding DPA is executed as a signed document. Pending legal review.
1. Roles
The client organization is the data controller. Dynaminds (B2B.net S.A.) acts as data processor, processing personal data only on the controller's documented instructions.
2. Subject matter & duration
Processing of service-desk data (tickets, comments, attachments, contact details) for the duration of the service agreement, plus the retention periods set out in the privacy policy.
3. Nature & purpose
- Receiving, storing, and routing support requests
- Enabling communication between the client and the Dynaminds team
- SLA monitoring and reporting
4. Categories of data & data subjects
- Identification and contact data (name, email) of the client's end users and staff
- Content the data subject submits within tickets and comments
5. Sub-processors
Engaged under their own DPAs, EU-hosted: Supabase (database, Frankfurt), Microsoft Azure/M365 (email, EU tenant), Hetzner (servers, Nuremberg), Cloudflare (CDN/WAF), Sentry (error tracking, Frankfurt). The full, current list is maintained in the privacy policy.
6. Security measures (Art. 32)
- Tenant isolation enforced by row-level security on every table
- Encryption in transit (TLS 1.2+) and at rest (provider-managed)
- Least-privilege access; service credentials isolated server-side
- Append-only audit log; secret scanning in CI
7. Data subject rights & assistance
Dynaminds assists the controller in fulfilling access, rectification, erasure, and portability requests, including self-service export (Art. 20) and erasure with anonymization (Art. 17).
8. Breach notification
Dynaminds notifies the controller without undue delay after becoming aware of a personal data breach.
9. Return & deletion
On termination, data is returned or deleted at the controller's choice, subject to legal retention obligations.
For questions, or to execute the DPA, contact: dpo@dynaminds.pl