Overview of PASERO's personal data handling

When visiting the website, PASERO-MI Ltd. collects Personal Data on its visitors and registered users. We don’t sell your Personal Data to anybody. Read this quick overview or go to the full privacy policy here:

Registration and billing

- To provision you the service
  • Personal data: name, email address, billing information
  • Third Parties used: Amazon Web Services, ProtonMail, online payment&accounting service provider, accountant
  • Retention: 8 years if required by law
  • find out more

Visitors and cookies

- For user experience & statistics
  • Personal data: IP, browser info, webpage usage information
  • Third Parties used: Amazon Web Services, Google Analytics
  • Retention: 90 days
  • find out more


- Personal data you might upload when using the service
  • Personal data: contract signatories and contacts, name and email address of users, e-mail address of your customers, free text within comments and descriptions
  • Third Parties used: Amazon Web Services
  • Retention: until you have an account
  • find out more

Rights and questions

  • Rights regarding Personal Data for Registered users
  • find out more

PASERO contact information

- if you have any questions
  • PASERO-MI Ltd.
  • H-1221 Budapest, Ady Endre ut 87, Hungary
  • privacy@pasero.me
  • find out more

Data processing agreement – not just a template but qualifying data processors

This is a summary of the article written by Katalin Cseko and published on 6th January 2021 here: https://arsboni.hu/adatfeldolgozoi-szerzodes-nemcsak-egy-checklista/

Can you use a data processing agreement template?

The preparation and integration of the DPA into the main agreement has a significant impact on the future collaboration of the contracting parties. Additionally, it is one of the main documents for both parties to meet GDPR accountability compliance. The selection of a proper data processor and the custom tailoring of the agreement to the specific situation should be part of the negotiation process.

Selecting a proper data processor

A data processor must be well-qualified to provide the data processing services. This does not only mean to provide feature-rich services, but to have the needed technical and organizational measures (TOMs) to guarantee the needed data protection and security requirements. As only the data controller can know the associated risks and they have the accountability, the required level of TOMs should be negotiated mutually before entering into an agreement. If during the negotiations the data controller cannot gain certainty that the data processor can meet the needed assurances, these concerns should either be addressed in the DPA or a different data processor should be used.

Wider aspects to consider before starting data sharing

Evaluation of the data processor should include wider investigation into the capabilities of the organization. Do they have enough resources to handle extraordinary events, like incidents? Are they reliable, how is their overall reputation? If they had any previous incidents, what did they do to avoid further recurrences? Such information is usually collected via the use of questionnaires.

Provisions of the data processing agreement

Depending on the structure of the agreement, clauses related to the data sharing can be integrated into the main text or put into a data processing addendum. In general, for the sake of readability, a separate addendum is usually preferred. The main requirements relating to the provisions are prescribed by respective data protection law, but the agreement should not just be the repetition of relevant clauses. The DPA should include a meaningful determination of the responsibilities around the complete data processing, including all rights, accountabilities, and duties. An easy-to-understand description of the complete data processing flow is strongly advised to avoid any misunderstanding. Similarly, addressing the individual data subject rights and requests, and the exact processes to be followed for meeting these use cases should be included.

Of significance is the clarification of the duties associated with the personal data in case of termination of the agreement. Data protection law prescribes the general duties for such scenarios, but specific data formats and the burden for organizing eventual data transfers is not prescribed. These should be technically defined as much as possible in the agreement text, considering the complete data flow in which the data processor is integrated.

The resulting final text should be the result of the collaboration of multiple disciplines, including legal, business, and IT. This way the agreement will not just be a boilerplate but an actual reference to go back to in case of doubt. And through the process, the data controller also has a chance to grow and improve.

Get a demo!

Book a demo and let us show you, how we can take of the burden of managing your data processing agreements and help meet data protection regulatory compliance.

Book demo

pasero logo