Data processing agreement

Standard Contractual Clauses

For the purposes of Article 28(3) of Regulation 2016/679 (the GDPR)

between

Wult ApS
CVR 40692967
Strandlodsvej 44, 3.
2300 København S
Denmark

(the data processor)

and

the customer,
who has agreed to receive the Wult Services under separate Sign-up with Wult

(the data controller)

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to meet the requirements of the GDPR and to ensure the protection of the rights of the data subject.

Information about the processing

The Wult platform enables the data controller to:

  1. Collect data from external sources. By external meaning sources that is not owned or controlled by any of the parties to this agreement. The data controller identifies the sources of this takes and has the full responsibility to ensure it can be legally collected.
  2. Store collected and 1st party data in the Wult platform.
  3. To quality enhance and test the data.

The data stored and processes is not given to be PII but might be. The platform is schema agnostic meaning it is designed to work with any data type specified by the data controller.

Instruction pertaining to the use of personal data

  1. The subject of/instruction for the processing
    The data processor’s processing of personal data on behalf of the data controller shall be carried out by the data processor executing the routines and algorithms defined and configured by the data controller through the Wult platform.
  2. Security of processing
    The data processor will make available a number of tools for the data controller to encrypt or otherwise pseudonymise data according to their needs.

    Unless directed by the data controller, the data processer will only allow data transfers of data through secure and encrypted cannels.

  3. Assistance to the data controller
    The data processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the data controller in accordance with Clause 9.1. and 9.2.
  4. Storage period/erasure procedures
    Personal data is stored for 2 years after which the personal data is automatically erased by the data processor. The data controller can extend the period for which to keep the data if that data can still be deemed useable for the data controller. It is the duty of the data controller not to extend the data period for data where it is not an absolute necessity.
  5. Processing location
    Processing of the personal data under the Clauses cannot be performed at other locations than the following without the data controller’s prior written authorisation:

    1. The Wult intrastructure inside the EU
    2. Infrastructure in the data controllers home state.
  6. Instruction on the transfer of personal data to third countries
    The data processer must prior to using the Wult platform obtain the legal basis for collecting and storing any data in the locations they wish to. Data from the Wult platfrom can be extracted on the same basis.
  7. Procedures for the data controller’s audits, including inspections, of the processing of personal data being performed by the data processor
    The data processor shall withing 2 months at the data controller’s expense obtain an inspection report from an independent third party concerning the data processor’s compliance with the GDPR, the applicable EU or Member State data protection provisions and the Clauses.
Arrow-up