Data Processing Agreement — FEDCEN

Last updated: June 26, 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Use and governs how FEDCEN processes personal data on behalf of users (“the Controller”).

1. Roles

  • Controller: The user or organization providing data
  • Processor: FEDCEN, processing data on behalf of the Controller

2. Subject of Processing

FEDCEN processes personal data for:

  • Account creation
  • Platform access
  • Compliance and traceability functions
  • Security and operational monitoring

4. Duration

Processing continues for as long as the user maintains an account or uses the Service.

5. Processor Obligations

FEDCEN will:

  • Process data only on documented instructions
  • Implement appropriate security measures
  • Ensure confidentiality of personnel
  • Assist with GDPR rights requests
  • Notify the Controller of data breaches
  • Delete or return data upon request

6. Sub‑Processors

FEDCEN may use GDPR‑compliant sub‑processors (e.g., hosting providers). A list will be provided upon request.

7. International Transfers

Data is stored in the EU or transferred under GDPR‑approved safeguards (e.g., SCCs).

8. Security Measures

FEDCEN implements:

  • Encryption in transit
  • Password hashing
  • Access control
  • Logging and monitoring
  • Secure infrastructure

9. Data Subject Rights

FEDCEN assists the Controller in responding to:

  • Access requests
  • Deletion requests
  • Correction requests
  • Data export requests

10. Return or Deletion of Data

Upon termination or request, FEDCEN will:

  • Delete personal data
  • Or return it to the Controller

Backups may persist for a limited retention period.

11. Audit Rights

Upon reasonable notice, the Controller may request information necessary to verify compliance.

12. Contact

For DPA matters: info@fedcen.eu