Data Processing Agreement

in accordance with Art. 28 GDPR

Parties

Signature Business Solutions
Smart Business Bio
Halil Aksit
Pickertstraße 45
24143 Kiel
Germany
Email: info@signature-business-solutions.com

– hereinafter referred to as the "Processor" –

and

[Name of the customer / company / practice]
System registration data

– hereinafter referred to as the "Controller" –

§1 Subject of the Processing

The Processor provides the Controller with the "Smart Business Bio" platform. This includes:

• Digital business card
• Contact forms and messaging system
• Consent logging
• AI card scanner
• CRM integration (optional)

The Processor processes personal data on behalf of the Controller in accordance with Art. 28 GDPR.

§2 Nature and Purpose of the Processing

• Display of publicly available contact information
• Processing of form and message inquiries
• Storage of consents (e.g., newsletter, video activation)
• Transfer to CRM (if booked)
• Secure operation of the platform including hosting (Module 1/2)
  
  

§3 Categories of Data and Data Subjects

Types of data processed:

• Name, email, phone number, if applicable address
• Communication contents
• IP addresses (shortened), timestamps, form paths

Categories of data subjects:

• Visitors of the digital business card
• Recipients and senders of messages
• End users of form functions
  
  

§4 Obligations of the Processor

• Processing only based on documented instructions
• Technical and organizational measures (TOM) in accordance with Art. 32 GDPR
• Support in exercising data subject rights and managing data breaches
• Logging of consents (6 months)
• Deletion of data according to §6
• No data sharing with third parties without consent
• No autonomous data usage
  
  

§5 Technical and Organizational Measures (TOM)

• Hosting in Frankfurt a. M. (Digital Ocean LLC)
• TLS encryption of all connections
• Server-level access protection
• Logging and monitoring of access

Automatic deletion:

• Server logs after 14 days
• Consents after 6 months
• User profiles after cancellation
  
  

§6 Duration of Processing

Processing shall take place for the duration of the active contractual relationship.

After contract termination, all data will be deleted no later than 30 days after cancellation, unless statutory retention obligations exist.

§7 Rights and Obligations of the Controller

• Right to issue, modify, and revoke instructions at any time
• Duty to provide information regarding data protection risks
• Obligation to cooperate with data subject requests and regulatory audits
• Optional audits (by prior arrangement)
  
  

§8 Subprocessing

The Controller approves the following subprocessors:

• Service Provider: Digital Ocean LLC
• Service: Hosting, infrastructure
• Location: Frankfurt a. M.

(others on request, e.g. Email/CRM services)

Changes require prior notice.

§9 Final Provisions

• Changes and additions require written form.
• If any clause is invalid, the rest of the agreement remains valid.
• German law shall apply. Jurisdiction is Kiel.