Skip to content
AI Risk Hub
Compliance Engine

Data Processing Agreement

Standard B2B Contractual Clauses

This Data Processing Agreement ("DPA") forms part of the Terms of Service. By subscribing to the AI Risk Hub SaaS, you (the "Data Controller") agree to these terms with VAN DEN ELSHOUT LTD (the "Data Processor").

1. Definitions

Terms such as "Processing", "Personal Data", "Data Controller", and "Data Processor" shall have the meaning given to them in the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Nature and Purpose of Processing

The Data Processor will process Personal Data only to provide the AI Risk Hub software services, specifically for generating EU AI Act compliance roadmaps, storing system configurations, and managing user accounts on behalf of the Data Controller.

3. Obligations of the Data Processor

  • Process Personal Data only on documented instructions from the Data Controller.
  • Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
  • Take all measures required pursuant to Article 32 of the GDPR (Security of Processing), including encryption at rest and in transit.
  • Not engage another processor (Sub-processor) without prior specific or general written authorization of the Data Controller.

4. Sub-processors

The Data Controller agrees that the Data Processor may engage third-party infrastructure providers (e.g., AWS, Stripe) to provide the underlying services. The Data Processor remains liable for the acts and omissions of its Sub-processors.

5. Deletion of Data

Upon termination of the service, the Data Processor shall, at the choice of the Data Controller, delete or return all Personal Data to the Data Controller, and delete existing copies unless Union or Member State law requires storage of the Personal Data.

We use necessary cookies to make our site work safely. We would also like to set optional analytics cookies to help us improve it. We will not set optional cookies unless you enable them. Read Policy