Data Processing Addendum (DPA)

Data Processing Addendum

Last updated: October 2, 2025

1. Introduction

This Data Processing Addendum (DPA) forms part of the agreement between you (the "Customer") and Shortnd (the "Processor") for the provision of URL shortening services. This DPA addresses the requirements of GDPR and other applicable data protection laws.

2. Definitions

For the purposes of this DPA:

Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data, including collection, storage, analysis, and deletion.
Data Subject: The individual to whom Personal Data relates.
Controller: The entity that determines the purposes and means of processing Personal Data.
Processor: The entity that processes Personal Data on behalf of the Controller.

3. Scope and Role

Shortnd acts as a Processor when handling Personal Data on behalf of the Customer (Controller). The Customer remains responsible for compliance with data protection laws in their use of the service.

4. Data Processing Principles

Shortnd commits to:

Process Personal Data only on documented instructions from the Customer
Ensure confidentiality of all persons authorized to process Personal Data
Implement appropriate technical and organizational security measures
Engage sub-processors only with prior written consent
Assist the Customer in responding to Data Subject requests
Delete or return Personal Data upon termination of services

5. Data Subject Rights

Shortnd will assist the Customer in fulfilling Data Subject rights requests, including:

Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability

6. Security Measures

Shortnd implements the following security measures:

Encryption of data in transit and at rest
Regular security audits and penetration testing
Access controls and authentication mechanisms
Incident response and breach notification procedures
Regular staff training on data protection

7. Data Transfers

Personal Data may be processed in multiple jurisdictions. Shortnd ensures appropriate safeguards are in place for international data transfers in compliance with GDPR Chapter V.

8. Data Breach Notification

In the event of a data breach affecting Personal Data, Shortnd will notify the Customer without undue delay and within 72 hours of becoming aware of the breach, providing all relevant information to assist the Customer in meeting their notification obligations.

9. Audits and Compliance

Shortnd will make available to the Customer information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, by the Customer or an auditor mandated by the Customer.

10. Contact for Data Protection Matters

For questions or concerns regarding data processing, contact our Data Protection Officer at dpo@shortnd.com.

Data Processing Addendum

Last updated: October 2, 2025

1. Introduction

2. Definitions

For the purposes of this DPA:

Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data, including collection, storage, analysis, and deletion.
Data Subject: The individual to whom Personal Data relates.
Controller: The entity that determines the purposes and means of processing Personal Data.
Processor: The entity that processes Personal Data on behalf of the Controller.

3. Scope and Role

Shortnd acts as a Processor when handling Personal Data on behalf of the Customer (Controller). The Customer remains responsible for compliance with data protection laws in their use of the service.

4. Data Processing Principles

Shortnd commits to:

Process Personal Data only on documented instructions from the Customer
Ensure confidentiality of all persons authorized to process Personal Data
Implement appropriate technical and organizational security measures
Engage sub-processors only with prior written consent
Assist the Customer in responding to Data Subject requests
Delete or return Personal Data upon termination of services

5. Data Subject Rights

Shortnd will assist the Customer in fulfilling Data Subject rights requests, including:

Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability

6. Security Measures

Shortnd implements the following security measures:

Encryption of data in transit and at rest
Regular security audits and penetration testing
Access controls and authentication mechanisms
Incident response and breach notification procedures
Regular staff training on data protection

7. Data Transfers

Personal Data may be processed in multiple jurisdictions. Shortnd ensures appropriate safeguards are in place for international data transfers in compliance with GDPR Chapter V.

8. Data Breach Notification

9. Audits and Compliance

10. Contact for Data Protection Matters

For questions or concerns regarding data processing, contact our Data Protection Officer at dpo@shortnd.com.

Data Processing Addendum

Last updated: October 2, 2025

1. Introduction

2. Definitions

For the purposes of this DPA:

Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data, including collection, storage, analysis, and deletion.
Data Subject: The individual to whom Personal Data relates.
Controller: The entity that determines the purposes and means of processing Personal Data.
Processor: The entity that processes Personal Data on behalf of the Controller.

3. Scope and Role

Shortnd acts as a Processor when handling Personal Data on behalf of the Customer (Controller). The Customer remains responsible for compliance with data protection laws in their use of the service.

4. Data Processing Principles

Shortnd commits to:

Process Personal Data only on documented instructions from the Customer
Ensure confidentiality of all persons authorized to process Personal Data
Implement appropriate technical and organizational security measures
Engage sub-processors only with prior written consent
Assist the Customer in responding to Data Subject requests
Delete or return Personal Data upon termination of services

5. Data Subject Rights

Shortnd will assist the Customer in fulfilling Data Subject rights requests, including:

Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability

6. Security Measures

Shortnd implements the following security measures:

Encryption of data in transit and at rest
Regular security audits and penetration testing
Access controls and authentication mechanisms
Incident response and breach notification procedures
Regular staff training on data protection

7. Data Transfers

Personal Data may be processed in multiple jurisdictions. Shortnd ensures appropriate safeguards are in place for international data transfers in compliance with GDPR Chapter V.

8. Data Breach Notification

9. Audits and Compliance

10. Contact for Data Protection Matters

For questions or concerns regarding data processing, contact our Data Protection Officer at dpo@shortnd.com.