🇩🇪 Deutsch 🇺🇸 English 🇪🇸 Español 🇫🇷 Français 🇮🇹 Italiano 🇳🇱 Nederlands 🇵🇹 Português
🇩🇪 Deutsch 🇺🇸 English 🇪🇸 Español 🇫🇷 Français 🇮🇹 Italiano 🇳🇱 Nederlands 🇵🇹 Português

Data Processing Agreement

Data Processing Agreement (DPA)

Last updated: January 26, 2026

This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions between SARL ZHULI (“Pageface”, “Processor”, “we”, “us”) and the user of the Pageface Service (“Customer”, “Controller”).

This DPA applies to the extent that Pageface processes Personal Data on behalf of the Customer in the course of providing the Service, in accordance with Regulation (EU) 2016/679 (the “GDPR”).

1. Definitions

Capitalized terms not defined in this DPA have the meaning given in the GDPR or the Terms & Conditions.

2. Roles of the parties

  • The Customer acts as the Data Controller with respect to Personal Data processed through applications and content created using the Service.
  • Pageface acts as the Data Processor and processes Personal Data only on documented instructions from the Customer.

3. Scope and purpose of processing

Pageface processes Personal Data solely for the purpose of providing, operating, maintaining, and securing the Service, including hosting, deployment, support, and technical operations.

4. Categories of data and data subjects

4.1 Categories of Personal Data

  • Account and contact data
  • Application configuration and content data
  • End-user data processed through Customer applications
  • Technical, usage, and log data

4.2 Categories of Data Subjects

  • Customer users and administrators
  • End users of Customer applications

5. Duration of processing

Processing shall continue for the duration of the Customer’s use of the Service and, thereafter, for any period required under applicable law or as necessary for backup, security, and dispute resolution purposes.

6. Processor obligations

Pageface shall:

  • process Personal Data only on documented instructions from the Customer;
  • ensure that persons authorized to process Personal Data are bound by confidentiality;
  • implement appropriate technical and organizational measures to protect Personal Data;
  • assist the Customer in responding to Data Subject requests where applicable;
  • assist the Customer in ensuring compliance with Articles 32–36 of the GDPR;
  • notify the Customer without undue delay of any Personal Data Breach.

7. Sub-processors

The Customer authorizes Pageface to engage sub-processors for the provision of the Service, including hosting, infrastructure, and support providers.

Pageface shall ensure that sub-processors are subject to data protection obligations substantially equivalent to those set out in this DPA.

8. Data transfers

Pageface’s primary servers are located in Germany (Nuremberg), and Personal Data is primarily processed within the European Union.

Where Personal Data is transferred outside the European Economic Area (EEA), Pageface shall ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Security measures

Pageface implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to:

  • encryption of data in transit (HTTPS / SSL);
  • logical access controls and authentication mechanisms;
  • segregation of Customer environments;
  • regular security updates and monitoring.

10. Data subject rights

Taking into account the nature of the processing, Pageface shall assist the Customer by appropriate technical and organizational measures, insofar as possible, to enable the Customer to respond to requests for exercising Data Subject rights under the GDPR.

11. Deletion or return of data

Upon termination of the Service, Pageface shall, at the Customer’s choice, delete or return all Personal Data processed on behalf of the Customer, unless retention is required by applicable law.

12. Audits

Pageface shall make available to the Customer information reasonably necessary to demonstrate compliance with this DPA and allow for audits as required by GDPR, subject to reasonable confidentiality and security constraints.

13. Liability

Liability arising out of or in connection with this DPA shall be subject to the limitations of liability set forth in the Terms & Conditions, to the extent permitted by applicable law.

14. Governing law

This DPA shall be governed by and construed in accordance with the laws of France.

15. Contact

For questions regarding this DPA, please contact:
SARL ZHULI
[email protected]

Go To Top