No. The GDPR requires that a data processing agreement be concluded between a data controller and its data processor(s). Punktum dk, however, is not a data processor for registrants, but a data controller.
A data controller determines the purpose of the processing of personal data - and the means used for the processing.
A data processor processes personal data on behalf of - and under instructions from - the data controller.
The roles are described in detail in the Danish Data Protection Agency's general guidance on the personal data regulation and in more detail in a specific guide on the subject. The documents are in Danish.
Punktum dk processes registrants' personal data, but we also determines the purpose of the processing (primarily establishment and maintenance of the customer relationship) and the means of processing (Punktum dk's IT systems). Thus, Punktum dk is the data controller for its registrant's personal data, and therefore the legislation does not require a data processing agreement.
Thank you for your reply
- we are happy about that.
Hmmm, not good...
We will help you - write us.
Did you find the answer useful?
If you still have questions, we are ready to help!