DPA - Data Processing Agreement
Conditions of the processing order in accordance with the GDPR for B2B clients.
Parts and role
The client acts as Data Controller and Listto as Processor, in accordance with the RGPD and the LOPDGDD.
Purpose and duration
The purpose of the processing is to provide the service (estimates, invoices and support). Lasts as long as the contractual relationship exists; Upon completion, the data is returned or deleted according to instructions, except legal obligations.
Instructions and confidentiality
Listto processes data only under documented instructions from the customer. Authorized personnel maintain confidentiality obligations.
Technical and organizational measures
We apply measures appropriate to the risk, including access control, encryption in transit, activity logs, backups and periodic reviews.
Subprocessors
Listto can use subprocessors for infrastructure, messaging, payments, and support. The updated list with country of treatment is available in /subprocessors/ and changes are notified with reasonable advance notice.
Transfers and assistance
If any subprocessor operates outside the EEA, appropriate safeguards (for example, standard contractual clauses) apply. Listto assists in the exercise of rights and notifies breaches without undue delay.