digitLabs Solutions
digitLabs SOLUTIONS
Web - Agentic AI - Workflows
login

Data Processing Agreement

under Art. 28 GDPR

German version

1. Parties

This Data Processing Agreement is entered into between the respective business user of our applications as controller and digitLabs Holding GmbH & Co. KG, Hauptstraße 29, 29353 Ahnsbeck, Deutschland as processor.

2. Subject matter

digitLabs provides web and mobile applications that allow the controller to capture, process, and transmit vehicle, document, image, and customer data.

3. Purpose of processing

  • Digital capture of vehicle and customer data,
  • Processing of documents, such as vehicle registration documents,
  • OCR and text recognition,
  • Creation and submission of requests, such as damage appraisal requests,
  • Integration with the controller’s own systems or APIs.

4. Types of personal data

  • User account data, such as name and email address,
  • Customer data captured by the controller,
  • Vehicle data,
  • Documents and images,
  • Usage, session, and security data.

5. Categories of data subjects

  • Application users,
  • Customers of the controller,
  • Contact persons of the controller.

6. Controller obligations

The controller is responsible for the lawfulness of the processing, including ensuring a valid legal basis and properly informing data subjects.

7. Processor obligations

  • Process personal data only on documented instructions,
  • Ensure confidentiality of persons authorized to process personal data,
  • Implement appropriate technical and organizational measures,
  • Support the controller with data subject requests where possible,
  • Notify the controller of relevant data protection incidents as legally required.

8. Technical and organizational measures

  • Encrypted data transmission,
  • Role-based access restrictions,
  • Authentication and session management,
  • Logging of security-relevant events,
  • Regular updates of systems used,
  • Backups and recovery measures.

9. Sub-processors

digitLabs currently uses the following sub-processors:

  • Clerk: authentication and session management,
  • Supabase: database, storage, and backend infrastructure,
  • Mistral AI: OCR and text recognition.

Sub-processors are engaged under appropriate contractual arrangements in accordance with Art. 28 GDPR.

10. Transfers to third parties

Where the controller actively submits data to its own systems or external partners, such as SV Berner for appraisal services, this transfer is initiated by and under the responsibility of the controller and is outside the scope of this agreement unless expressly agreed otherwise.

11. Deletion and return

After the end of processing or upon instruction by the controller, digitLabs will delete personal data unless statutory retention obligations or legitimate reasons for further storage apply.

12. Audit rights

The controller may verify compliance with this agreement and applicable legal requirements to a reasonable extent or request appropriate evidence.

13. Contact

Questions about this DPA may be sent to: moc.sbaltigid@ofni

14. Version

Last updated: 05.05.2026

digitLabs Legal · DPA

Note: This sample DPA does not replace individual legal advice and should be reviewed before production use.

Datenschutz & Cookies

Wir verwenden notwendige Cookies für den Betrieb der Website. Optional laden wir Analytics zur Verbesserung von Benutzerfreundlichkeit und Web-Performance. Analytics wird erst nach Ihrer Einwilligung geladen.

Mehr erfahren