Data Processing Agreement

‍

1. Parties

This Data Processing Agreement (“DPA”) is entered into between:

Prezentor ApS
VAT No. 35392610
A.P. Møllers Allé 43B
2791 Dragør
Denmark
(“Data Processor”)

and the Customer (“Data Controller”).

2. Scope

This DPA governs the processing of Personal Data by the Data Processor on behalf of the Data Controller in connection with the provision of the Prezentor platform.

3. Roles

* The Data Controller determines the purposes and means of processing
* The Data Processor processes Personal Data on behalf of the Data Controller

4. Categories of Data

Personal Data may include:

* Name, email and contact details
* Company affiliation
* User account data
* Usage and analytics data
* Device and system data

AI-related data:

* Audio recordings
* Transcripts
* AI-generated summaries and content
* User prompts

5. Nature and Purpose of Processing

Processing is performed to:

* Provide and operate the Platform
* Enable analytics and reporting
* Deliver AI-powered features

6. Instructions

The Data Processor shall process Personal Data only on documented instructions from the Data Controller, including as set out in this DPA and the applicable agreement.

7. Confidentiality

The Data Processor shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality.

8. Security Measures

The measures shall include, as appropriate, pseudonymisation, encryption, and ensuring ongoing confidentiality, integrity, availability and resilience of processing systems.

Details are available at: /security

9. Subprocessors

The Data Processor uses subprocessors listed at: /subprocessors

The Data Processor shall:

* Ensure subprocessors are bound by written agreements
* Remain fully liable for subprocessors
* Notify changes to subprocessors via updates to the list

10. Data Subject Rights

The Data Processor shall assist the Data Controller in fulfilling obligations related to:

* Access
* Rectification
* Erasure
* Restriction
* Portability
* Objection

11. Assistance

The Data Processor shall assist the Data Controller with:

* Data protection impact assessments (DPIA)
* Prior consultations with supervisory authorities
* Compliance obligations under GDPR

12. Personal Data Breach

The Data Processor shall notify the Data Controller without undue delay after becoming aware of a Personal Data Breach.

13. Data Transfers

Processing takes place within the EEA or under appropriate safeguards in accordance with applicable data protection laws.

14. Deletion and Return

Upon termination of services, Personal Data shall be deleted or returned at the instruction of the Data Controller.

15. Audits

The Data Processor shall make available information necessary to demonstrate compliance and allow for reasonable audits, subject to confidentiality and security requirements.

16. AI Processing

The Data Processor is authorized to process Personal Data using AI-based services for:

* Transcription
* Summarisation
* AI-assisted content generation

The Data Processor ensures:

* Personal Data is not used to train AI models
* Processing is stateless and isolated
* Processing takes place within the EEA or under valid safeguards
* Audio recordings are deleted immediately after transcription
* In case of failure, audio is retained for a maximum of 24 hours

17. Liability

Liability shall be governed by the main agreement between the parties.

18. Governing Law

This DPA is governed by Danish law.