Data Processing Agreement (DPA)

This article explains what commissioned data processing in the context of GDPR is, when a data processing agreement (DPA) is necessary and what kind of data processing Sitejet does for you.

Table of contents

What is commissioned data processing?

Commissioned data processing according to GDPR applies when a company (controller) commissions an external service provider (contractor) to process (e.g. analyze or store) personal data in an instruction-bound manner. This means that the responsibility for data processing in compliance with data protection law remains with the client, while the contractor is considered a supporting partner. 

Do I need a DPA?

A DPA is required when the service provided by an external company involves the processing of personal data in an instruction-bound manner - if this has not already been contractually specified. The agreement regulates the rights and obligations of both parties with regard to these data processing activities.

What kind of data processing is done by Sitejet?

The following services are considered as commissioned data processing:
  • Providing statistics on user behavior of website visitors in the Detail View and customer portal
  • Providing and forwarding of form entries (e.g. contact forms)
  • Forwarding of email addresses from blog comments and guestbook entries 
  • Administration of customer data

That is why we advise you to sign a DPA with Sitejet. 

How can I sign a DPA with Sitejet?

To conclude a data processing agreement with Sitejet, we ask you to read, fill out and sign this document. Once you sign the last part you can submit your DPA and will receive a copy of the signed DPA to your email address for your records.

Do my customers have to sign a DPA with Sitejet?

No, your customers do not have to sign a separate DPA with Sitejet, if they don't have their own user account with Sitejet. Sitejet processes data on your behalf. You on the other hand process website data for your customer e.g. form entries and use Sitejet for that. That means that Sitejet should be a part of your privacy policy as a sub-processor. Since you are also processing data for your customers we recommend to also sign a DPA with your customers.

Important: Please note that the information on this page does not provide legal advice. For detailed legal advice on the subject of data protection, we advise you to contact an expert, e.g. a lawyer or a data protection officer.

Become a part of our Community!

Exchange ideas with other web designers about current developments, tips, and tricks and show your favorite sites. Get advice and talk to us about possible features you would like to see on Sitejet. You can join the Sitejetters community here.

Back to the top

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us