Data processing agreement (DPA)
In compliance with GDPR regulations, CookieHub provides a Data Processing Agreement (DPA) to help clients meet their legal obligations when using our consent management services. A DPA is a contract between:
- Data controller: The entity that determines how personal data is processed (you, the customer)
- Data processor: The entity that processes personal data on behalf of the controller (CookieHub)
Since CookieHub processes limited personal data (such as consent preferences and anonymized IP addresses) on behalf of clients, a DPA formalizes this relationship and ensures compliance with GDPR.
Why a DPA is required
Under GDPR, businesses acting as data controllers must ensure that third-party processors handle personal data in compliance with the law. CookieHub, as a data processor, offers a DPA to define:
- Roles and responsibilities
- Legal obligations for data protection
- Data processing scope and security measures
What the DPA covers
- Scope of processing: Details the types of data processed (e.g., consent preferences) and purpose of processing.
- Data protection measures: Outlines security measures implemented by CookieHub.
- Data retention: Specifies retention periods in line with GDPR and CookieHub policies.
- Third-party sub-processors: Lists providers assisting CookieHub in delivering services.
- Data subject rights: Ensures compliance with user rights such as access, correction, and deletion.
How to obtain a signed DPA
For active paid customers:
- Contact our support team with the following details:
- Company name
- Registration number
- Address
- Primary email address linked to your CookieHub account
- We will provide a signed DPA once the request is processed.
Custom DPA for enterprise customers
Enterprise customers can request a custom DPA if specific clauses or provisions are required. This is subject to approval by CookieHub’s legal team and may require additional processing time.
Download the standard DPA
CookieHub provides a standard DPA template for download: