These documents are template-level information for transparency. They are not certified legal translations or lawyer-approved equivalents in every language. For binding advice, consult qualified counsel. Enterprise customers receive executed MSA, Order Form, and counter-signed DPA — see Enterprise contracting.

Policy version: 2026-06-22 · EN

Data Processing Agreement (Public)

2026-06-22 · Processor: Soluzyn OÜ (17387492)

1. Parties

  • Customer = Controller (for end-user content)
  • Soluzyn OÜ = Processor under GDPR Art. 28

2. Subject matter

Processing to deliver TrustOriginality detection, Trust Score, compliance reports, optional KYC.

3. Duration

Term of agreement + deletion per Section 10.

4. Processor obligations

  • Documented instructions only
  • Confidentiality
  • Security (Annex C measures)
  • Sub-processor controls (public list)
  • Assist with DSARs and DPIAs
  • Breach notification without undue delay
  • Delete/return data on termination

5. Controller obligations

Lawful basis, privacy notices, Art. 9 consent for biometrics.

6. Sub-processors

Public list at /Home/Subprocessors. Enterprise customers notified of changes.

7. International transfers

SCCs or adequacy decisions.

8. Audit

Information available on request; enterprise audits per Order Form.

9. Execute full DPA

Public vs signed DPA: This page is the public reference DPA for transparency. A counter-signed DPA with completed Annexes A–C is executed for enterprise customers together with the MSA and Order Form. Internal counsel templates: legal/DPA-TEMPLATE.md (not published).

See Enterprise contracting or contact info@trustoriginality.ai.