pursuant to Article 28 GDPR
This Data Processing Agreement (“Agreement”) is entered into between the Customer (hereinafter “Controller”) and advox GmbH, Anzengrubergasse 24/22, 1050 Vienna, Austria, FN 646527 a (hereinafter “Processor” or “advox”) and supplements the advox Terms of Service.
It governs the Processor’s handling of personal data on behalf of the Controller in connection with the services provided through the advox platform, in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
This Agreement applies to all personal data processed by advox in the course of providing access to and functionality of the advox platform. It remains in force for as long as the Processor processes data on behalf of the Controller under the primary service agreement.
The Processor processes data for the purpose of providing SaaS-based asset management, campaign coordination, and streaming infrastructure to the Controller. The processing may include collection, hosting, display, transfer, and deletion of data as necessary to fulfill these services.
The processing may involve personal data relating to:
Users authorized by the Controller (e.g. employees or collaborators)
Third parties whose data may appear in uploaded campaign content
Categories of data may include:
Names, email addresses, file identifiers, metadata, and any other personal data the Controller uploads or submits through the platform.
The Controller remains responsible for ensuring that no special categories of data (Art. 9 GDPR) are uploaded unless appropriate safeguards are in place.
The Processor shall:
a) Process data only on documented instructions from the Controller unless legally required to act otherwise;
b) Ensure that personnel authorized to process personal data are subject to appropriate confidentiality obligations;
c) Take appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage;
d) Assist the Controller, where reasonably feasible, in fulfilling obligations under Articles 32 to 36 of the GDPR (e.g., breach notifications, DPIAs, cooperation with authorities);
e) Ensure that any subprocessor is bound by contractual terms no less protective than those set out herein.
The Controller agrees that the Processor may engage third-party subprocessors as necessary for the provision of the services. A current list of such subprocessors is available upon request.
The Processor will inform the Controller of any intended changes concerning the addition or replacement of subprocessors. The Controller may raise reasonable objections only where data protection concerns exist.
The Processor may transfer personal data outside the European Economic Area only where appropriate safeguards are in place in accordance with Chapter V of the GDPR, including Standard Contractual Clauses or adequacy decisions where applicable.
Upon termination of the service relationship, the Processor will, at the Controller’s written request, delete or return all personal data. This is subject to any legal obligations to retain certain data beyond the term of the Agreement.
This Agreement shall be governed by the laws of the Republic of Austria. In the event of a conflict between this Agreement and the Processor’s Terms of Service, this Agreement shall prevail only with respect to the subject matter of data processing.
No additional rights or obligations are implied unless expressly stated herein.
(c) 2025 - advox GmbH