Privacy Policy
Version 1.0 | Effective date: June 1, 2024
This Data Processing Agreement (“Agreement” or “DPA”) forms part of the Terms of Service between you (“Customer”, “Controller”) and Packely ApS, Trindsovej 6, 1, 8000 Aarhus C, Denmark (“Packely”, “Processor”).
This Agreement applies where Packely processes personal data on behalf of the Customer as a data processor in the course of providing its services, and is intended to ensure compliance with Article 28 of the EU and UK General Data Protection Regulation (“GDPR”).
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing", "Data Controller", "Data Processor", and "Data Subject" shall have the meanings as defined under the GDPR.
"Sub-processor" means any third party engaged by Packely to process Personal Data on behalf of the Customer.
2. Subject Matter and Duration
This DPA governs the Processing of Personal Data as necessary to provide the services described in the Terms of Service. This DPA remains valid for as long as Packely processes Personal Data on behalf of the Customer.
3. Nature and Purpose of Processing
Packely processes Personal Data provided by the Customer in connection with the use of its platform and services. This may include storage, transmission, and transformation of data for the purpose of generating 3D product renderings and related services.
4. Categories of Data Subjects and Data
Data Subjects: May include Customer representatives, employees, contractors, or other individuals whose data is included in uploaded project content.
Categories of Data: Names, email addresses, contact details, uploaded content that may contain personal data (e.g., product images, documents, or metadata).
5. Obligations of the Processor (Packely)
Packely agrees to:
a. Process Personal Data only on documented instructions from the Customer, unless required by law.
b. Ensure confidentiality by persons authorized to process the data.
c. Implement appropriate technical and organizational measures to ensure data security.
d. Assist the Customer in responding to data subject requests, data breaches, and privacy impact assessments.
e. Delete or return all Personal Data at the end of the service period, unless legally required to retain it.
f. Make available necessary information to demonstrate compliance and allow audits (with reasonable notice).
6. Sub-processing
The Customer authorizes Packely to engage the following categories of sub-processors:
Cloud infrastructure and hosting providers
Authentication and database services
Payment processors
Analytics and marketing services
Internal communication tools
A list of key sub-processors may be made available upon request. Packely ensures sub-processors are bound by obligations equivalent to those in this DPA.
7. International Transfers
Where Packely or its sub-processors transfer Personal Data outside the European Economic Area (EEA) or United Kingdom, such transfers are safeguarded by appropriate legal mechanisms, including the Standard Contractual Clauses or other recognized safeguards under the GDPR and UK GDPR.
8. Customer Responsibilities
The Customer confirms that:
It has the legal authority to provide Personal Data to Packely.
All Personal Data provided is collected and processed lawfully.
It will not instruct Packely to process data in a way that violates applicable laws.
9. Limitation of Liability
The liability of each party under this DPA is subject to the limitations of liability set forth in the Terms of Service.
10. Governing Law and Jurisdiction
This Agreement shall be governed by the laws of Denmark. Any disputes shall be resolved in the courts of Denmark, unless otherwise agreed.
11. Contact
For questions about this DPA or data processing practices, please contact:
Packely ApS
contact@packely.com
Trindsovej 6, 1
8000 Aarhus C
Denmark
