Data processing agreement (DPA)

CookieHub provides a Data Processing Agreement (DPA) to govern the processing of personal data on behalf of customers in accordance with Article 28 of the General Data Protection Regulation (GDPR).

When using the CookieHub Services:

  • The customer acts as Data Controller.
  • CookieHub acts as Data Processor.

The DPA formalizes this relationship and defines the legal and operational framework for processing personal data in connection with the Service.

Why a DPA is required

Under GDPR, controllers must ensure that processors provide sufficient guarantees to implement appropriate technical and organizational measures.

As CookieHub processes limited pseudonymous and technical data on behalf of customers, including consent preferences and anonymized IP addresses, the DPA defines:

  • Roles and responsibilities
  • Security and confidentiality obligations
  • Data processing scope and limitations
  • International transfer safeguards
  • Sub-processor requirements
  • Assistance with data subject rights
  • Data retention and deletion procedures

What the DPA covers

The DPA includes:

Scope of processing

Description of categories of personal data processed in connection with consent management.

Security measures

Technical and organizational measures implemented by CookieHub in accordance with GDPR Article 32.

Sub-processors

A list of approved sub-processors and applicable safeguards for international transfers.

Data retention

Retention periods applicable to consent log data and account-related data.

Data subject rights

Obligations to assist controllers in responding to access, correction, deletion, and other rights requests.

International transfers

Safeguards under Chapter V GDPR, including Standard Contractual Clauses where applicable.

Incorporation of the DPA

For customers using the Service under the standard Terms of Service, the DPA forms part of the contractual framework governing the processing of personal data.

A publicly available version of the DPA can be accessed at:

https://dash.cookiehub.com/dpa/CookieHub-DPA-2023.pdf

Signed DPA

Customers who require a countersigned version of the standard DPA may contact support with:

  • Company name
  • Registration number
  • Registered address
  • Primary account email

Enterprise customers may request customized data processing terms subject to review and approval by CookieHub’s legal team.