Data Processing Agreement

Data Processing Agreement (DPA)

If you use Rankion as a business customer and personal data of third parties (e.g. your customers, your employees) is processed in the course of that use, we conclude a Data Processing Agreement pursuant to Art. 28 GDPR ("Auftragsverarbeitungsvertrag" in German) with you.

How to obtain the DPA

1. Download the Standard DPA v1.0 (PDF)
2. Review the content — standard clauses pursuant to Art. 28 GDPR, with reference to our sub-processor list
3. Email trust@rankion.ai with the subject "DPA request [Company]" — we will send you the document ready for counter-signature (two-way signature via DocuSign)

What the DPA contains

• Subject matter and duration of the processing
• Nature and purpose of the processing — according to your Rankion use case
• Categories of data and categories of data subjects
• Obligations of Provimedia GmbH as processor ("Auftragsverarbeiter")
• List of sub-processors used (reference to /en/trust/sub-processors)
• Technical and organisational measures (reference to /en/trust/tom)
• Third-country transfers with safeguards (Standard Contractual Clauses, EU-US Data Privacy Framework)
• Rights of the controller (audit rights, deletion obligations)

Customisation

For regulated industries (healthcare, banking, public sector) we customise the DPA individually — contact us with the specific requirements of your compliance team.

Sub-processors

We engage the providers listed at /en/trust/sub-processors as sub-processors. Changes are communicated with 14 days advance notice (right to object pursuant to Art. 28(2) GDPR).