Data Processing Agreement (DPA) for ActNation.io

Effective Date: 2024

1. PARTIES

This Data Processing Agreement ("Agreement") is made between:
1. **ActNation ApS**, CVR 43734342, Havnegade 53 A 3, 1058 København K, Denmark ("Processor"); and
2. The **Customer**, the entity subscribing to ActNation’s services ("Controller").

2. SUBJECT MATTER AND PURPOSE

This Agreement governs ActNation’s processing of personal data on behalf of the Customer to provide SaaS payroll donation services in compliance with GDPR.

3. DATA PROCESSING SCOPE

- **Categories of Data:** Employee names, CPR numbers, donation details, employer details.
- **Data Subjects:** Employees of the Customer, company representatives.
- **Processing Purpose:** Facilitation of payroll donations, invoicing, and tax reporting.
- **Processing Duration:** Data is retained only as long as required for service provision and legal compliance.

4. CONTROLLER RESPONSIBILITIES

The Customer, as the data controller, is responsible for ensuring that personal data is collected lawfully and that appropriate consent has been obtained where necessary.

5. PROCESSOR RESPONSIBILITIES

ActNation will:
- Process personal data only on documented instructions from the Customer.
- Implement appropriate security measures to protect data.
- Assist the Customer in fulfilling GDPR obligations.
- Notify the Customer of any data breaches.

6. DATA TRANSFERS

Data is processed within the EU. If data is transferred outside the EU, appropriate safeguards such as Standard Contractual Clauses (SCCs) will be implemented.

7. SECURITY MEASURES

ActNation implements technical and organizational measures to protect personal data, including access controls, encryption, and data anonymization.

8. DATA BREACH NOTIFICATION

In case of a data breach, ActNation will notify the Customer within 72 hours and provide relevant details and mitigation measures.

9. SUBPROCESSORS

ActNation may engage sub-processors for service provision. A list of sub-processors is available upon request.

9.1 Zenegy Integration and Data Transfer

When your organization connects to ActNation via Zenegy, you authorize ActNation to receive the necessary employee and payroll deduction data through Zenegy’s secure API.

This data transfer is initiated only after your organization has explicitly approved the connection within Zenegy. All processing is governed by applicable data protection laws and the terms of this agreement.

ActNation only processes data for active employees, and no personal data is used until the individual employee has consented to participate in ActNation.

10. TERM AND TERMINATION

´
This Agreement remains in effect for as long as ActNation processes data on behalf of the Customer. Upon termination, data will be deleted unless required for legal purposes.