ContactVault Logo ContactVault ALPHA v.1.0

Data Processing Agreement (DPA)

Last updated: 27 March 2026

1. Scope and parties

This page describes Data Processing Agreement terms that apply only where ContactVault and a business customer have expressly agreed a Controller/Processor relationship for a defined service scope. Outside such an expressly agreed Controller/Processor arrangement, ContactVault normally acts as an independent Controller for its own core service operations (for example: security, abuse prevention, retention controls, and service administration).

2. Subject matter

Where this DPA applies, ContactVault processes personal data on behalf of the Controller within the agreed service scope to provide applicant-initiated message/CV transmission, related inbox functions, and necessary support operations, as described in this DPA and the Privacy Policy.

3. Duration

This DPA applies for as long as ContactVault processes personal data on behalf of the Controller under the agreed scope.

4. Nature and Purpose of Processing

5. Categories of Data Subjects

Applicants, controller-authorized contact persons tied to designated recipient inboxes, and other individuals referenced in résumé/CV content.

6. Types of Personal Data

7. Obligations of the Processor (where this DPA applies)

8. Sub‑Processors

The Controller authorizes the Processor to engage sub‑processors for infrastructure and email delivery as described in the Privacy Policy. The Processor ensures sub‑processors are bound by equivalent data protection obligations.

9. International Transfers

If personal data is transferred outside the EEA/UK, the Processor relies on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms. Transfers initiated by the Controller to Recipients outside the EEA/UK are considered necessary for service delivery.

10. Rights of the Controller

11. Liability

Liability under this DPA is subject to the limitations of liability agreed in the main Terms & Conditions of the Service.

12. Miscellaneous

If any provision of this DPA is invalid or unenforceable, the remaining provisions remain in effect. This DPA is governed by German law. Disputes may be brought before the competent courts of Ingolstadt, Germany, unless mandatory law provides otherwise.

13. Contact

For DPA matters, contact ContactVault (Owner: Louis Dauphin), c/o IP-Management #9147, Ludwig-Erhard-Straße 18, 20459 Hamburg, Germany. Email: .