FastFaktura
Kostenlos testen

Data Processing Agreement

Zuletzt aktualisiert: 12 June 2026

This DPA forms part of the FastFaktura Terms of Use and applies when you use the Service to process personal data of your clients.

1. Parties and scope

This Data Processing Agreement ("DPA") is entered into between HIPPOCAMPE DIGITAL LTD ("Processor"), company No. 17143837, registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, trading as FastFaktura, and the business entity that accepts the FastFaktura Terms of Use ("Controller"). It governs the processing of personal data relating to the Controller's clients that the Controller stores in or transmits through the FastFaktura service ("Service"), in accordance with Article 28 of the GDPR and UK GDPR.

2. Subject matter and duration

The Processor processes personal data on behalf of the Controller for the duration of the subscription to the Service and until deletion of data in accordance with the Privacy Policy, solely to provide the CRM, invoicing, email/SMS delivery and payment features described in the Terms of Use.

3. Processor obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller, including as set out in the Terms of Use and this DPA, unless required by law.
  • Ensure that persons authorised to process personal data are bound by confidentiality.
  • Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
  • Not engage another processor (sub-processor) without informing the Controller; the current list is published in our Privacy Policy.
  • Assist the Controller in responding to data subject requests, within reasonable limits.
  • Delete or return all personal data at the end of the provision of services, subject to legal retention requirements.

4. Security measures

The Processor implements the following measures, among others:

  • Encryption of data in transit (TLS) and encryption at rest for sensitive credentials.
  • Access control and authentication for administrative and customer accounts.
  • Logging and monitoring of access to production systems.
  • Regular backups with rotation and secure storage.
  • Hosting within the European Union (Stockholm, Sweden) on dedicated infrastructure.

5. Sub-processors

The Controller authorises the Processor to engage the sub-processors listed in the Privacy Policy. The Processor shall impose data protection obligations on sub-processors equivalent to those in this DPA. The Processor will notify account holders of any intended addition or replacement of sub-processors.

6. International transfers

Where personal data is transferred outside the UK or EEA (e.g. to email or geolocation providers in the United States), the Processor ensures appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms approved under GDPR Chapter V.

7. Contact and governing law

For questions about this DPA, contact legal@fastfaktura.io. . This DPA is governed by English law. The Privacy Policy at Datenschutzerklärung.