• We Just Launched Design & Development
  • Save Up to €300
LEARN MORE
  • We Just Launched Design & Development 🎉
LEARN MORE
BOOK CONSULTATION
SIGN UP FREE
BOOK CONSULTATION
SIGN UP FREE

Data Processing Agreement

According to Art. 28 GDPR

Between

Blogtec Solutions OÜ
Viru väljak 2
10111 Tallinn, Estonia
VAT-ID: EE102197659
Registry Number: 14819063
(hereinafter referred to as “Processor”)

and the respective Customer
(hereinafter referred to as “Controller”)

collectively referred to as “Parties”

1. Subject Matter and Duration of Processing

1.1 The Processor provides marketing, development, and digital services to the Controller. As part of these services, the Processor processes personal data on behalf of the Controller in accordance with Art. 28 GDPR.

1.2 The duration of data processing is governed by the term of the main contract between the Parties (Terms of Service).

2. Nature and Purpose of Processing

Processing is carried out exclusively to fulfill the contractually agreed services, particularly:

  • Search Engine Optimization (SEO)
  • Search Engine Advertising (SEA / Google Ads)
  • Social Media Advertising (e.g., Meta Ads)
  • Content Creation and Content Optimization
  • Web Design and Web Development
  • Website Maintenance and Technical Support
  • CRM, Tracking, and Analytics Integrations
  • Email Marketing Integrations (if commissioned)

3. Types of Personal Data

Depending on the project, the following data may be processed:

  • Contact data (name, email, phone number)
  • IP addresses and access data
  • Usage and tracking data
  • Customer data of the Controller
  • Communication data
  • Technical log data

4. Categories of Data Subjects

  • Customers of the Controller
  • Website visitors
  • Newsletter recipients
  • Prospects (leads)
  • Employees of the Controller (if technically necessary)

5. Instructions of the Controller

5.1 The Processor processes personal data exclusively based on documented instructions from the Controller.

5.2 Instructions may be given in text form (e.g., email, project management tool).

5.3 If the Processor believes that an instruction violates data protection law, the Processor shall inform the Controller immediately.

6. Technical and Organizational Measures (TOMs)

The Processor implements appropriate technical and organizational security measures in accordance with Art. 32 GDPR, including:

  • Access restrictions and user roles
  • Password protection
  • Encrypted data transmission (SSL/TLS)
  • Regular system updates
  • Access only for authorized team members
  • Backup and recovery concepts
  • Secure cloud infrastructure with recognized providers

The measures are regularly reviewed and adapted as necessary.

7. Confidentiality

The Processor ensures that all persons involved in data processing are bound to confidentiality.

8. Engagement of Sub-processors

8.1 The Processor is authorized to engage sub-processors (e.g., hosting providers, analytics tools, email tools, cloud services).

8.2 The Processor ensures that appropriate data processing agreements are concluded with all sub-processors.

8.3 Currently engaged typical sub-processors may include:

  • Hosting Providers 
  • Analytics Tools 
  • Advertising Platforms 
  • Email Service Providers 
  • Project Management Tools 
  • CRM & Database Tools 

A detailed list can be provided upon request.

9. Support Obligations

The Processor supports the Controller with:

  • Information requests from data subjects
  • Deletion requests
  • Rectification requests
  • Data protection impact assessments (if required)
  • Reporting of data protection incidents

within the scope of technical possibilities.

10. Notification Obligations for Data Breaches

The Processor shall inform the Controller without undue delay of any personal data breaches that become known.

11. Return and Deletion of Data

Upon request, personal data can be deleted or returned, unless legal retention obligations exist.

12. Liability

The liability provisions of the main contract (Terms of Service) apply.

13. Final Provisions

15.1 Changes to this DPA may be made if required due to legal amendments.

15.2 This DPA is an integral part of the Blogtec Terms of Service.

15.3 Should individual provisions of this DPA be or become invalid, the validity of the remaining provisions shall remain unaffected.

15.4 The law of Estonia shall apply to this DPA.

Contact

For questions regarding this Data Processing Agreement, please contact: info@blogtec.io

New: Design & Development

| |