Data Processing Agreement — FEDCEN
Last updated: June 26, 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Use and governs how FEDCEN processes personal data on behalf of users (“the Controller”).
1. Roles
- Controller: The user or organization providing data
- Processor: FEDCEN, processing data on behalf of the Controller
2. Subject of Processing
FEDCEN processes personal data for:
- Account creation
- Platform access
- Compliance and traceability functions
- Security and operational monitoring
4. Duration
Processing continues for as long as the user maintains an account or uses the Service.
5. Processor Obligations
FEDCEN will:
- Process data only on documented instructions
- Implement appropriate security measures
- Ensure confidentiality of personnel
- Assist with GDPR rights requests
- Notify the Controller of data breaches
- Delete or return data upon request
6. Sub‑Processors
FEDCEN may use GDPR‑compliant sub‑processors (e.g., hosting providers). A list will be provided upon request.
7. International Transfers
Data is stored in the EU or transferred under GDPR‑approved safeguards (e.g., SCCs).
8. Security Measures
FEDCEN implements:
- Encryption in transit
- Password hashing
- Access control
- Logging and monitoring
- Secure infrastructure
9. Data Subject Rights
FEDCEN assists the Controller in responding to:
- Access requests
- Deletion requests
- Correction requests
- Data export requests
10. Return or Deletion of Data
Upon termination or request, FEDCEN will:
- Delete personal data
- Or return it to the Controller
Backups may persist for a limited retention period.
11. Audit Rights
Upon reasonable notice, the Controller may request information necessary to verify compliance.
12. Contact
For DPA matters: info@fedcen.eu