Data Processing Agreement

For Enterprise subscribers whose use of Linzalytics involves the processing of personal data, we sign a Data Processing Agreement under GDPR Article 28.

This is a starting template. For binding terms, contact us directly.

Last updated: 2026-04-21

Does your use of Linzalytics need a DPA?

Usually no. Our product primarily processes business-entity data — company names, Russian tax identifiers (INN, OGRN, KPP), registered addresses, court case numbers, procurement contract records. Under the GDPR, information about legal entities is generally not personal data.

The limited personal data we handle is incidental to running the service: your contact email, billing details, and operational server logs. How we treat that is covered in our privacy policy.

A DPA becomes relevant when an Enterprise customer integrates our data into a workflow that processes personal data on their end, and needs contractual assurances about how we act as a processor for any related operations.

Request our DPA template

We have a template DPA ready to share on request. Email us and we will send it over for your legal team to review.

Request our DPA template

What a Linzalytics DPA will cover

The template addresses the clauses expected under GDPR Article 28:

• Scope and subject-matter — categories of data, categories of data subjects, processing duration.
• Processing instructions — the processor acts only on documented instructions from the controller.
• Confidentiality — personnel bound to confidentiality.
• Security measures — the technical and organizational measures in place (encryption in transit, access controls, logging).
• Subprocessors — current list, notice obligations for additions, flow-down of equivalent terms.
• Data-subject rights — assistance to the controller in responding to access, rectification, and erasure requests.
• Incident reporting — notification timelines and minimum content for personal-data breaches.
• Audit rights — the controller's right to audit or receive an audit report.
• Return or deletion — what happens to personal data on termination.
• International transfers — Standard Contractual Clauses where a non-EEA transfer is involved, plus any supplementary measures identified under the Schrems II framework.

Contact

For DPA requests, security questionnaires, or vendor-onboarding paperwork: derek.linz@linzalytics.com.