Data Processing Agreement (DPA)

Last updated: December 2025

This page provides a high-level overview of the IPDips Data Processing Agreement (DPA).

A full, legally binding DPA is available upon request for eligible customers, in accordance with GDPR Article 28.

1. Purpose of the DPA

The DPA governs how IPDips processes personal data on behalf of customers when providing its monitoring and alerting services.

It ensures compliance with:

• Regulation (EU) 2016/679 (GDPR)
• Dutch Algemene Verordening Gegevensbescherming (AVG)
• Applicable ePrivacy regulations

2. Roles & Responsibilities

• Customer: Data Controller
• IPDips: Data Processor

The customer determines the purpose and means of processing.

IPDips processes personal data solely on documented instructions from the customer.

3. Categories of Data Processed

IPDips may process the following data on behalf of customers:

A. Account & Contact Data

• Email addresses
• Names (if provided)
• Authentication credentials

B. Monitoring Configuration Data

• Target endpoints (URLs, IP addresses, ports)
• Check configurations
• Alert settings and notification preferences

C. Technical & Log Data

• Platform activity logs
• Security and audit logs

D. Website Analytics (IPDips website only)

• Aggregated usage statistics via Google Analytics
• No advertising or profiling data

IPDips does not intentionally process special categories of personal data.

4. Processing Activities

Personal data is processed strictly for:

• Providing uptime and performance monitoring services
• Executing checks and generating alerts
• Authenticating users
• Providing customer support
• Ensuring platform security and abuse prevention
• Improving reliability and performance

Customer data is never used for marketing purposes without explicit consent.

5. Subprocessors

IPDips uses carefully selected subprocessors to deliver its services.

Subprocessors may include:

• Cloud infrastructure and hosting providers (EU or GDPR-compliant regions)
• Email and notification delivery services
• Customer support platforms
• Google LLC — for website analytics (Google Analytics)

All subprocessors:

• Are bound by GDPR-compliant Data Processing Agreements
• Are assessed for security and compliance
• Process data only for defined purposes

A full and up-to-date list of subprocessors is available in the full DPA upon request.

6. International Data Transfers

IPDips primarily processes data within the European Economic Area (EEA).

Where data is transferred outside the EEA (e.g. for Google Analytics):

• Standard Contractual Clauses (SCCs) are applied
• Additional technical safeguards (such as IP anonymization and encryption) are used

No international transfers occur without appropriate legal protection.

7. Technical & Organisational Security Measures

IPDips implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

8. Data Subject Rights

IPDips supports all data subject rights under GDPR, including:

• Right of access
• Rectification
• Erasure
• Restriction of processing
• Objection
• Data portability

Requests should be submitted to: info@ipdips.com

IPDips will assist controllers without undue delay.

9. Data Retention

Personal data is retained only for as long as necessary to fulfil contractual obligations and legal requirements.

Retention periods align with:

• The IPDips Privacy Policy
• Dutch statutory obligations

10. Personal Data Breach Notification

In the event of a personal data breach, IPDips will:

• Notify the controller without undue delay
• Provide details on the nature and scope of the breach
• Communicate mitigation measures

This process aligns with GDPR Articles 33 and 34.

11. Customer Responsibilities

Customers (as controllers) are responsible for:

• Ensuring a lawful basis for processing
• Informing end users where required
• Ensuring monitored systems are authorised
• Promptly reporting security or compliance concerns

12. Requesting the Full DPA

Enterprise and business customers may request a signed DPA by contacting: info@ipdips.com

The full DPA includes:

• Detailed definitions
• Complete subprocessor list
• Technical and organisational measures
• Standard Contractual Clauses (where applicable)
• Mutual obligations and liability clauses

Requests should be sent to info@ipdips.com.