Data Processing Agreement (DPA)
Last updated: January 2026
In accordance with GDPR Article 28, a Data Processing Agreement (DPA) is required when a processor handles personal data on behalf of a controller.
Download DPA
DPA Contents
Our DPA covers the following éléments in accordance with GDPR Article 28:
Subject matter and duration of processing
Nature and purpose of processing
Type of personal data
Categories of data subjects
Processor obligations
Controller rights
Technical security measures
Assistance for data subject rights
Breach notification
Sub-processing
International transfers
Audits and inspections
Security Measures
Annex 2 of the DPA détails our technical and organizational measures:
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Control: RBAC, 2FA, least privilege principle
- Logging: Audited access logs, 90-day retention
- Continuity: Daily encrypted backups, tested disaster recovery
- Testing: Annual pentests, bug bounty program
Standard Contractual Clauses (SCCs)
For data transfers outside Switzerland/EU, we include the European Commission's Standard Contractual Clauses (2021 version). These clauses are incorporated in Annex 3 of the DPA.
UK International Data Transfer Addendum
For UK clients, the ICO's International Data Transfer Addendum is included in Annex 4.
How to Sign the DPA
- Download the DPA in your preferred language
- Complete your organization's information (Annex 1)
- Sign and send to légal@adlibo.com
- We will return a countersigned copy within 5 business days
Enterprise Clients
For Enterprise clients, we can customize the DPA to your specific requirements. Contact your account manager or légal@adlibo.com.
Contact
For questions about the DPA:
- Email: légal@adlibo.com
- DPO: dpo@adlibo.com