Skip to main content
← Per-Document Subscription

Per-Document Subscription — Data Processing Agreement

Last updated: June 2022

This Data Processing Agreement ("DPA") regulates the processing of personal data by DocDigitizer (Data Processor) on behalf of the Client (Data Controller) for the Per-Document Subscription Service.

1. Purpose

This DPA ensures compliance with the General Data Protection Regulation (GDPR) and Portuguese data protection law regarding personal data processed through the Per-Document Subscription Service.

2. Duration

This DPA remains effective throughout the provision of the Per-Document Subscription Service. Certain clauses continue binding after termination.

3. Nature and Purpose of Processing

Personal data is processed solely for the purpose of providing the contracted document extraction service. Processing for different purposes requires prior written authorization from the Data Controller.

4. Data Controller Obligations

The Data Controller provides only the personal data necessary for proper service processing and ensures lawful basis for such processing.

5. Data Processor Obligations

DocDigitizer commits to:

  • Process personal data solely per written Controller instructions
  • Maintain confidentiality obligations continuing post-termination
  • Implement appropriate technical and organizational security measures, including pseudonymization and encryption
  • Maintain personal data custody, preventing unauthorized disclosure
  • Authorize Sub-processors while transferring all DPA obligations
  • Erase or return personal data per Data Controller choice upon termination
  • Notify Data Controllers of security breaches without undue delay
  • Maintain processing activity records
  • Cooperate with Data Protection Supervisory Authorities
  • Provide information demonstrating DPA obligation fulfillment and allow audits

6. Confidentiality

The Processor undertakes to maintain professional secrecy with regard to all data to which it has access or which have been transmitted to it by the Controller. This obligation continues post-DPA termination.

7. Data Types Processed

The following categories of personal data may be processed through the service:

  • Identification Data (name, NIF/ID, address, telephone, signature, image)
  • Personal Characteristics (civil status, family data, birth date, gender, nationality)
  • Academic and Professional Data (qualifications, professional experience)
  • Employment Details (profession, job position, payroll data)
  • Economic/Financial Data (incomes, investments, bank data, tax data)
  • Commercial Information (business activities, transactions)

Special Categories Prohibition: Neither User nor authorized End Users shall use the Service to process Special Categories of Personal Data (race, ethnicity, religious beliefs, health data, biometric data, etc.).

8. Data Subject Categories

  • Customer of Data Controller
  • Potential Customer of Data Controller
  • Service Providers of Data Controller
  • Employees of Data Controller
  • Contact Persons
  • End Users
  • Other Data Subjects referenced in Uploaded Data

9. Contact

Data protection inquiries: dpo@docdigitizer.com

10. Applicable Law

Portuguese and European regulations, CNPD resolutions and guidelines govern this DPA. Lisbon Courts hold exclusive dispute resolution jurisdiction.

Part of the Joyn Group ecosystem