
Data Processing Agreement

GDPR Article 28 Compliance

This Data Processing Agreement applies to customers using SnappArchive as a data processor under the GDPR.

What is a Data Processing Agreement?

A Data Processing Agreement (DPA) is a legally required contract under GDPR Article 28 between a Data Controller (you, the customer) and a Data Processor (SnappArchive). It outlines how personal data is handled, protected, and processed when you use our Services.

Our DPA ensures full compliance with European data protection laws, including GDPR and Belgian privacy regulations.

Key DPA Terms

1. Processing Instructions

SnappArchive processes personal data solely on your documented instructions and only for the purpose of delivering the Services.

We will promptly inform you if any instruction appears to violate GDPR or applicable law.

2. Data Security (Technical & Organizational Measures)

We implement strong security measures in accordance with GDPR Article 32, including:

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access control (RBAC)
  • Multi-factor authentication where supported
  • Audit logging and monitoring where applicable
  • Encrypted, geo-redundant EU backups
  • Periodic security testing and reviews

A detailed list of Technical and Organizational Measures (TOMs) is included in the signed DPA.

3. EU Data Residency

All data is stored and processed exclusively within the European Union.

Documents, metadata, and backups never leave EU infrastructure.

4. Sub-Processors

We only work with carefully vetted, GDPR-compliant sub-processors.

Each sub-processor:

  • is bound by a Data Processing Agreement
  • may process data only according to our instructions
  • must meet our technical and organizational security standards

A full sub-processor list is available upon request at hello@snapparchive.eu.

Customers will be notified prior to the addition or replacement of sub-processors.

5. Confidentiality

All SnappArchive personnel are subject to strict confidentiality obligations.

Access to customer data is restricted and granted only when necessary for support or security purposes, and only under controlled conditions.

6. Data Breach Notification

If a personal data breach affecting your documents occurs, we will notify you without undue delay and, where applicable, within 72 hours, as required by GDPR Articles 33–34.

The notification includes the nature of the breach, its potential impact, and the measures taken.

7. Data Subject Rights Support

We assist you in fulfilling all GDPR data subject rights requests, including:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Data portability

We provide support in accordance with your obligations as Data Controller.

8. Data Return & Deletion

Upon termination or at your request:

  • All documents are permanently deleted within 30 days
  • Backups are also erased according to their standard 30-day cycle
  • You may request a full export or return of your data before deletion

No customer data is retained beyond the agreed retention periods.

9. Audit Rights

You may audit SnappArchive's compliance with the DPA, subject to reasonable notice, scope, and confidentiality requirements. Audits are typically fulfilled through documentation or third-party reports.

We also provide third-party audit documentation upon request.

Data Controller vs. Data Processor

You (The Customer) — Data Controller

You determine the purposes and means of processing the personal data contained in your uploaded documents.

You are responsible for ensuring your use of the Services complies with GDPR and other applicable laws.

SnappArchive — Data Processor

We process your documents exclusively:

  • in accordance with your instructions
  • under GDPR Article 28
  • without using your documents for AI training or any other purpose unless you explicitly opt in or provide written consent

We do not act as a joint controller.

Request a Signed DPA

Enterprise customers requiring a fully executed DPA can request a signed agreement.

We typically aim to provide executed DPAs within approximately 5 business days.

hello@snapparchive.eu

Important Notes

  • A DPA is required under GDPR when using SaaS platforms that process personal data
  • Our DPA is based on EU Standard Contractual Clauses (SCCs) and GDPR Article 28 requirements
  • The DPA complements our Privacy Policy and Terms of Service
  • All processing activities are logged, documented, and auditable