DPA and GDPR Terms

1. Scope

This page sets out the baseline data processing terms for customers using ThirdBrainLab in a business context where GDPR or equivalent privacy law applies.

2. Roles

Customer is the controller for customer personal data. ThirdBrainLab acts as processor, except where we determine processing purposes independently (for example security logs), in which case we act as controller.

3. Processing Instructions

ThirdBrainLab processes personal data only on documented customer instructions, including instructions in the customer agreement and product configuration.

4. Security Measures

We maintain technical and organizational measures appropriate to risk, including access control, authentication controls, transport security, and operational monitoring.

5. Subprocessors

ThirdBrainLab may use subprocessors for hosting, authentication, storage, and payments. Subprocessors are bound by confidentiality and data protection obligations.

6. International Transfers

Where required, cross-border transfers are protected through recognized safeguards such as standard contractual clauses.

7. Data Subject Requests and Incidents

We provide reasonable assistance for data subject requests and notify customers of confirmed personal data incidents as required by law and contract.

8. DPA Signature Request

To request a signed DPA version for procurement or compliance, contact legal@thirdbrainlab.com.

Legal entity: Peter Györffy AB, Önds väg 19.0, 231 94 Trelleborg, Sverige.