Data Processing Agreement
September 25, 2025 - version 1.0
1. Parties
This Data Processing Agreement (“DPA”) is entered into between:
• Contractor / Processor: devNoord, located at Margrietlaan 38, 9953 PB Baflo.
• Client / Controller: any natural or legal person who has personal data processed by devNoord.
2. Purposes of Processing
devNoord will process personal data exclusively for the purposes agreed upon in the main or project agreement, including the provision of web hosting, web applications, apps, websites, and other IT services.
3. Duration of Processing
The processing of personal data will take place for the duration of the agreement between devNoord and the Client and/or for as long as is necessary to achieve the purposes of the processing.
4. Obligations of devNoord as Processor
devNoord will:
- Process personal data only on behalf of the Client and in accordance with their instructions;
- Implement appropriate technical and organizational measures to secure personal data;
- Ensure that employees who process personal data are bound by confidentiality;
- Not transfer personal data to third parties without the Client's consent, unless legally required;
- Provide support in fulfilling the rights of data subjects, such as access, correction, or deletion of personal data;
- Assist in reporting data breaches to the Client and/or supervisory authority if necessary.
5. Sub-processors
devNoord may engage third parties (sub-processors) for the performance of the processing, provided that:
- The sub-processor offers sufficient guarantees for appropriate technical and organizational measures;
- A written agreement is concluded in which the sub-processor assumes the same obligations as devNoord;
- The Client is informed in writing about the engagement of a sub-processor.
6. Rights of the Client
The Client has the right to:
- Request information about the personal data and processing performed;
- Give instructions to devNoord regarding the processing;
- Conduct audits or inspections at devNoord concerning compliance with this DPA;
- Request the destruction or return of personal data upon termination of the agreement.
7. Data Breaches
In the event of a data breach, devNoord will report it to the Client without undue delay. devNoord will take all reasonable measures to limit and remedy the data breach and will assist the Client with notifications to supervisory authorities or data subjects.
8. Security Measures
devNoord will implement appropriate technical and organizational measures, including:
- Encryption of data where possible;
- Secure connections (SSL/TLS) for data transfer;
- Restriction of access to personal data to authorized employees;
- Regular backups and monitoring of systems.
9. Termination
Upon termination of the agreement, devNoord will destroy or return all personal data to the Client, unless otherwise agreed or required by legal obligations.
10. Applicable Law and Disputes
This data processing agreement is governed exclusively by Dutch law. Disputes will be submitted to the competent court in the district where devNoord is located.
This data processing agreement may be amended from time to time. The most recent version is always available on our website.
