Last Updated: 25/10/2025

This Data Processing Agreement (“Agreement”, “DPA”) is entered into between:

Client (“Controller”) — the individual or company purchasing services from Codexa Design,
and
Codexa Design (“Processor”) — a company registered in the Netherlands, acting as a data processor.

Together referred to as “Parties.”

This Agreement governs the processing of personal data by Codexa Design in the course of providing its services under applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG).

1. Purpose and Scope

1.1 The Processor shall process personal data solely for the purpose of providing web design, development, hosting, and support services as described in the main service agreement or project proposal.

1.2 This DPA applies to all activities where Codexa Design processes, stores, or accesses personal data on behalf of the Client.

1.3 No processing shall take place other than as instructed by the Client, except where required by law.

2. Roles and Responsibilities

  • Controller (Client): Determines the purposes and means of processing personal data.

  • Processor (Codexa Design): Processes personal data only on the Controller’s documented instructions and ensures appropriate data protection measures are in place.

3. Nature and Type of Data Processed

Depending on the project or service, the Processor may handle the following personal data types:

  • Contact details (name, email address, phone number, etc.)

  • Website user data (form submissions, IP addresses, analytics data)

  • Account credentials or administrative information (if provided)

The processing may include collection, storage, organization, access, backup, and deletion as required by the service.

4. Duration of Processing

The Processor will retain and process personal data only for the duration of the service agreement or as required by applicable law.
Upon termination, all personal data will be securely deleted or returned to the Client (see Section 10).

5. Processor’s Obligations

Codexa Design agrees to:

  1. Process data only under the Client’s written or digital instructions.

  2. Keep personal data confidential and ensure staff or subcontractors are bound by confidentiality obligations.

  3. Implement appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or alteration.

  4. Assist the Client in ensuring compliance with GDPR obligations, including responding to data subject requests.

  5. Notify the Client without undue delay (within 72 hours) of any personal data breach.

  6. Maintain a record of all processing activities as required by Article 30(2) GDPR.

6. Technical and Organizational Security Measures

Codexa Design maintains strong security measures, including but not limited to:

  • Secure data centers located in the European Economic Area (EEA)

  • SSL/TLS encryption for all data transmission

  • Access control and authentication procedures

  • Regular system updates, backups, and monitoring

  • Data minimization and retention policies

  • Employee confidentiality agreements

Detailed documentation of measures can be provided upon request.

7. Subprocessors

7.1 Codexa Design may engage trusted Subprocessors (e.g., hosting providers, payment processors, or email service tools) to deliver services.

7.2 All subprocessors are GDPR-compliant and bound by equivalent data protection obligations.

7.3 Current subprocessors may include:

  • Hosting platforms (e.g., SiteGround, Hostinger, or similar EU-compliant providers)

  • Email communication tools (e.g., Gmail, Zoho Mail)

  • Analytics services (e.g., Google Analytics, if enabled)

7.4 The Processor will notify the Client of any intended changes to subprocessors.

8. Data Transfers

8.1 All personal data is stored and processed within the European Economic Area (EEA) wherever possible.

8.2 If data is transferred outside the EEA, Codexa Design ensures that such transfers comply with Chapter V of the GDPR, using approved safeguards such as the EU Standard Contractual Clauses (SCCs).

9. Assistance to Controller

The Processor shall assist the Controller in:

  • Responding to data subjects’ rights requests (access, correction, deletion, portability, etc.)

  • Conducting data protection impact assessments (DPIAs)

  • Cooperating with supervisory authorities (e.g., Autoriteit Persoonsgegevens in the Netherlands)

10. Return or Deletion of Data

Upon completion or termination of the contract:

  • All personal data will be securely deleted or returned to the Controller within 30 days, unless otherwise required by law.

  • Backups containing personal data will be purged within 60 days thereafter.

11. Data Breach Notification

In the event of a confirmed data breach involving personal data, Codexa Design will:

  • Notify the Controller within 72 hours of becoming aware of the breach

  • Provide details of the nature, scope, and impact of the breach

  • Cooperate fully in mitigation, investigation, and notification processes

12. Audits and Inspections

The Controller has the right to request proof of Codexa Design’s data protection measures or to conduct an audit (subject to reasonable notice and confidentiality obligations).

13. Liability

Each party is responsible for its own compliance with GDPR.
Codexa Design’s total liability under this DPA shall not exceed the total fees paid under the main service contract, except in cases of proven gross negligence or willful misconduct.

14. Governing Law and Jurisdiction

This Agreement is governed by the laws of the Netherlands and interpreted in accordance with the EU GDPR.
Any disputes arising under this DPA shall be submitted to the competent courts in the Netherlands.

15. Contact Information

For any questions or data-related inquiries, please contact:

📧 info@codexadesign.com
🌐 www.codexadesign.com