Legal

Data Processing Agreement

OMINEX provides a standard GDPR Art. 28-aligned Data Processing Agreement to all customers as part of the Master Subscription Agreement. The DPA covers controller-to-processor terms, sub-processor authorization, transfer mechanism, breach notification, audit rights, and termination return / deletion.

Request a demo Request trust review

Start with the path that matches your buying stage, then move deeper once your team needs technical, diligence, or workflow detail.

What's in the DPA

Controller-to-processor scope and instructions (Art. 28(3))
Confidentiality and personnel obligations
Technical and Organizational Measures (TOMs) annex (Art. 32)
General sub-processor authorization with 30-day notice and objection
Assistance with data subject rights, DPIAs, and supervisory consultation
72-hour Personal Data Breach notification commitment
Annual audit rights with 60-day notice; SOC 2 / ISO reports on request
Standard Contractual Clauses (2021/914 Module 2) for international transfers
UK Addendum and Swiss carve-outs
Return or deletion at termination
CCPA / CPRA service-provider terms

Annexes

Annex 1: List of parties.
Annex 2: Description of processing — purposes, categories of data subjects and personal data, retention.
Annex 3: Technical and Organizational Measures, covering encryption, access control, network, application, operational, personnel, vendor management, incident response, data minimization, physical security, and logging.
Annex 4: Sub-processors — current list at /sub-processors.

How to receive the DPA

The current DPA template is available to evaluators and prospective customers under NDA. Existing customers receive the DPA as a deliverable of contract execution. To request a copy:

Request the DPA Email [email protected]

Privacy Policy — public-facing privacy notice.
Sub-processor list — current third parties involved in processing.
Trust Center — Security pack — broader procurement-facing diligence package.