This Data Processing Agreement ("DPA") forms part of our Terms of Service and Privacy Policy and applies to the processing of personal data by EuroMakers in accordance with the EU General Data Protection Regulation (GDPR).
1. Definitions
For the purposes of this DPA, the terms "Controller", "Processor", "Data Subject", "Personal Data", "Processing", "Supervisory Authority" shall have the same meaning as in the GDPR.
2. Roles and Responsibilities
For the purposes of the GDPR:
- EuroMakers acts as a Data Controller for personal data collected directly from users.
- Our service providers (Vercel, PostHog, SMTP2GO, Cloudflare, and Zoho) act as Data Processors.
3. Data Processing Details
3.1 Subject Matter and Duration
The subject matter of the processing is the provision of our services. The processing will continue for the duration of your use of our services.
3.2 Nature and Purpose of Processing
Personal data is processed for the following purposes:
- To provide and maintain our services
- To notify you about changes to our services
- To provide customer support
- To gather analytics to improve our services
- To process software submissions and updates
3.3 Types of Personal Data
The types of personal data processed include:
- Contact information (name, email address)
- Usage data (pages visited, time spent on pages)
- Technical data (IP address, browser type, device information)
4. Data Processor Obligations
We ensure that our data processors:
- Process personal data only on documented instructions from us
- Ensure that persons authorized to process personal data have committed to confidentiality
- Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
- Assist us in fulfilling our obligations to respond to data subjects' requests
- Assist us in ensuring compliance with security, data breach notification, and impact assessment obligations
- Delete or return all personal data after the end of the provision of services
- Make available all information necessary to demonstrate compliance
- Obtain our authorization before engaging sub-processors and ensure they are bound by the same data protection obligations
5. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules where applicable
- Adequacy decisions by the European Commission
Specifically:
- Vercel: While our functions are processed in the EU, static content may be served from locations in the United States. Vercel has implemented Standard Contractual Clauses.
- PostHog: Our PostHog instance is hosted in the EU.
- SMTP2GO: Our SMTP2GO services are hosted in the EU, ensuring that your email data remains within the European Economic Area.
- Cloudflare: Cloudflare may process certain data globally but has implemented Standard Contractual Clauses.
- Zoho: Zoho processes data globally with EU data centers and has implemented Standard Contractual Clauses for international transfers.
6. Data Retention
We retain personal data for specific periods based on the type of data and purpose:
- Analytics data: 1 year in PostHog
- Email logs: 5 days in SMTP2GO
- Contact form submissions: 1 year
- Software submission data: Duration of listing on platform
- Rate limiting data: 60 seconds (temporary in-memory storage)
- Traffic data via CDN: 24 hours to 30 days depending on security feature
7. Data Subject Rights
We will assist data subjects in exercising their rights under the GDPR, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
To exercise these rights, please contact us using the information provided in our Privacy Policy.
8. Contact Information
If you have any questions about this DPA, please contact us: