Last updated: May 19, 2026
Last updated: May 2026
Purpose
This DPA forms part of any engagement under Article 28 GDPR.
Scope
Business contact data, system data and end-user data as defined in the main agreement.
Obligations
- Process data only on documented instructions.
- Personnel confidentiality.
- Article 32 GDPR technical and organisational measures.
- Sub-processors with written authorisation.
- Assist with data-subject requests and incidents.
- Delete or return data at end of engagement.
Transfers
Transfers outside EU/EEA via SCCs.
Audit
Reasonable notice, business hours.
Signed copy
Contact hello@aitmultiverse.com.