Löydä ja tule löydetyksi duunyn kautta

Duuny.ai – Data Processing Agreement (DPA)

Last Updated: December 2025

This Data Processing Agreement ("Agreement") forms part of the Terms of Service between the Customer ("Controller") and Duuny ("Processor") regarding the processing of personal data within the Duuny platform ("Service").

1. Subject and Duration

This Agreement governs personal data processing carried out by Duuny on behalf of the Controller for the purpose of providing the Service and remains in force for the duration of the Controller's use of the Service.

2. Roles of the Parties

The Controller determines the purposes and means of processing. Duuny acts solely as a Processor and processes personal data only according to the Controller's instructions and GDPR.

3. Nature and Purpose of Processing

Duuny processes personal data for account creation, profile management, service matching, communication, security, fraud prevention, analytics, and overall platform functionality. No processing occurs outside these purposes.

4. Categories of Data and Data Subjects

Processed data may include names, emails, phone numbers, business details, profile information, communication metadata, and service-related information. Data subjects include users, business representatives, and customers. No special categories of personal data are processed.

5. Processor Obligations

Duuny shall:

  • (a) process data only per Controller instructions;
  • (b) ensure confidentiality of personnel;
  • (c) implement appropriate technical and organizational security measures;
  • (d) assist the Controller in fulfilling GDPR obligations;
  • (e) notify the Controller without undue delay of data breaches;
  • (f) maintain records of processing;
  • (g) delete or return personal data upon termination unless law requires retention.

6. Subprocessors

Duuny may use subprocessors for hosting, storage, communication, analytics, or infrastructure. Subprocessors are bound by equivalent obligations. The Controller grants general authorization for subprocessors. A list is available upon request.

7. International Transfers

If personal data is transferred outside the EU/EEA, Duuny ensures appropriate safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs). All transfers comply with GDPR.

8. Security Measures

Duuny implements measures including encrypted transmission and storage (where applicable), access controls, authentication, monitoring, logging, and periodic security reviews. Further details available upon request.

9. Assistance to Controller

Duuny assists the Controller with data subject rights requests, incident response, and DPIA-related obligations where required. Reasonable fees may apply for extensive assistance.

10. Data Breach Notification

Duuny notifies the Controller without undue delay upon becoming aware of a personal data breach, providing available information on its nature, impact, consequences, and mitigation actions.

11. Return or Deletion of Data

Upon termination of the Service, personal data is deleted or returned to the Controller upon request unless mandatory law requires retention.

12. Audits

The Controller may request information necessary to demonstrate compliance. Audits may be conducted with reasonable notice and without disrupting Duuny's operations. Costs may apply for on-site audits.

13. Liability

Liability follows the main Service Agreement. Nothing in this Agreement limits mandatory rights or obligations under GDPR.

14. Governing Law

This Agreement is governed by the laws applicable to Duuny's main establishment within the EU.

Contact

For questions about this Data Processing Agreement: