Data Processing Agreement (DPA) for actnation.io

Effective Date: 2024

1. PARTIES

Understanding the Data Processing Agreement (DPA) with actnation.io


This Data Processing Agreement ("Agreement") is made between:
1. Actnation ApS, CVR 43734342, Havnegade 53 A 3, 1058 København K, Denmark ("Processor"); and
2. The Customer, the entity subscribing to actnation’s services ("Controller").

2. SUBJECT MATTER AND PURPOSE

Understanding the Data Processing Agreement (DPA) with actnation.io


This Agreement governs actnation’s processing of personal data on behalf of the Customer to provide SaaS payroll donation services in compliance with GDPR.

3. DATA PROCESSING SCOPE


- Categories of Data: Employee names, employee emails, CPR numbers, donation details, and employee and employer details.
- Data Subjects: Employees of the Customer, company representatives.
- Processing Purpose: Facilitation of payroll and/or corporate donations, invoicing, and reporting.
- Processing Duration: Data is retained only as long as required for service provision and legal compliance.

4. CONTROLLER RESPONSIBILITIES

Key Responsibilities of the Data Controller


The Customer, as the data controller, is responsible for ensuring that personal data is collected lawfully and that appropriate consent has been obtained where necessary.

5. PROCESSOR RESPONSIBILITIES

Actnation's Responsibilities as a Data Processor


Actnation will:
- Process personal data only on documented instructions from the Customer.
- Implement appropriate security measures to protect data.
- Assist the Customer in fulfilling GDPR obligations.
- Notify the Customer of any data breaches.

6. DATA TRANSFERS


Data is processed within the EU. If data is transferred outside the EU, appropriate safeguards such as Standard Contractual Clauses (SCCs) will be implemented.

7. SECURITY MEASURES

Data Security and Protection Measures


Actnation implements technical and organizational measures to protect personal data, including access controls, encryption, and data anonymization.

8. DATA BREACH NOTIFICATION


In case of a data breach, actnation will notify the Customer within 72 hours and provide relevant details and mitigation measures.

9. SUBPROCESSORS

Sub-processing and Third-Party Integrations


Actnation may engage sub-processors for service provision. A list of sub-processors is available upon request.

9.1 Zenegy Integration and Data Transfer

When your organization connects to actnation via Zenegy, you authorize ActNation to receive the necessary employee and payroll deduction data through Zenegy’s secure API.This data transfer is initiated only after your organization has explicitly approved the connection within Zenegy. All processing is governed by applicable data protection laws and the terms of this agreement. Actnation only processes data for active employees, and no personal data is used until the individual employee has consented to participate in actnation.


10. TERM AND TERMINATION


This Agreement remains in effect for as long as actnation processes data on behalf of the Customer. Upon termination, data will be deleted or anonymized unless required for legal purposes.