Data Processing Agreement (DPA)

pursuant to Art. 28 GDPR for the PII Anonymization Service

Last updated: 23.03.2026 · Version 1.0

§ 1 Contracting Parties

Controller (Client): The user of the PII anonymization service (hereinafter "Client")

Processor:

Schiller - Organisation. Digital. Michael Schiller

Speicherstraße 33, 44147 Dortmund

info@schiller-partners.de

Michael Schiller (Managing Director)

§ 2 Subject Matter and Duration of Processing

The Processor processes personal data on behalf of the Client within the scope of the PII anonymization service.

  • Purpose: Automated detection and pseudonymization of personal data in texts before they are transmitted to AI language models (LLMs).
  • Duration: Processing occurs exclusively for the duration of an individual API call. Original texts are only processed in RAM and are not stored. Mapping tables are temporarily held in cache for a maximum of 1 hour and then automatically deleted.
  • Nature of processing: Automated text recognition, pattern matching, AI-based Named Entity Recognition, pseudonymization through placeholder substitution.

§ 3 Types of Personal Data

The following categories of personal data may be affected during processing:

  • Full names, first and last names
  • Email addresses, phone numbers
  • Postal addresses (street, postal code, city)
  • IBANs, credit card numbers, cryptocurrency wallets
  • ID card numbers, tax numbers, social security numbers (EU-wide)
  • Dates of birth
  • IP addresses
  • Profile URLs on social media and developer platforms (35+ platforms, username part only)
  • Company and department abbreviations (3-4 uppercase letters)

§ 4 Categories of Data Subjects

Data subjects are those natural persons whose personal data is contained in texts transmitted by the Client. These may include:

  • Employees and staff of the Client
  • Customers and business partners of the Client
  • Contact persons and points of contact
  • Other natural persons mentioned in texts

§ 5 Obligations of the Processor

The Processor undertakes the following obligations:

  • Bound by instructions: Processing is carried out exclusively on the basis of the Client's documented instructions. Use of the API constitutes such an instruction.
  • Confidentiality: All persons entrusted with processing are bound by confidentiality.
  • Security of processing: The Processor implements the technical and organizational measures described in the TOM annex (Art. 32 GDPR).
  • Sub-processors: No sub-processors are used. All processing takes place on own servers in Germany.
  • Support: The Processor assists the Client in fulfilling their obligations under Art. 32-36 GDPR.
  • Deletion: Original texts are immediately deleted from RAM after processing. Mapping tables are automatically deleted after a maximum of 1 hour. Immediate manual deletion is possible via API.
  • Accountability: The Processor provides the Client with all information necessary to demonstrate compliance with their obligations.

§ 6 Obligations of the Client

The Client is responsible for ensuring that:

  • the transmission of personal data to the Processor is lawful
  • the rights of data subjects are guaranteed
  • the service is only used for texts whose processing the Client is authorized to carry out

§ 7 Technical and Organizational Measures

The specific technical and organizational measures are described in a separate TOM document:

→ View TOM document

Summary of key measures:

  • Encryption: TLS 1.3 for all transmissions, session-based isolation (UUID)
  • Local processing: All servers in Germany, no data transfer to third countries
  • Data minimization: RAM-only processing, no permanent storage of original texts
  • No content logging: No transmitted texts or PII content are logged
  • Automatic deletion: Mapping tables are deleted after a maximum of 1 hour

§ 8 Data Transfers to Third Countries

No transfer of personal data to third countries or international organizations takes place. All processing is carried out exclusively on servers in Germany. The AI models used (spaCy NER) run locally on the same servers.

§ 9 Data Breach Notification

The Processor shall inform the Client without undue delay of any personal data breach pursuant to Art. 33 GDPR. Contact: info@schiller-partners.de

§ 10 Termination

Upon termination of use of the service, all temporary data is automatically deleted. Since no personal data is permanently stored (RAM-only processing, max. 1h cache for mapping tables), no separate deletion or return obligation applies.

§ 11 Liability

Liability is governed by Art. 82 GDPR. The Processor is liable for damages caused by processing that does not comply with the Client's instructions or by violations of their obligations under this agreement.

§ 12 Final Provisions

  • German law applies.
  • Place of jurisdiction is Dortmund, Germany.
  • Amendments and supplements require written form.
  • This DPA takes effect with the first use of the PII anonymization service by the Client.

Processor:

Schiller - Organisation. Digital. Michael Schiller

Michael Schiller (Managing Director)

Date: 23.03.2026

This DPA is deemed accepted upon use of the PII anonymization service (API call). A separate signature is not required.

Annex: Technical and Organizational Measures (TOM)

The detailed technical and organizational measures pursuant to Art. 32 GDPR are described in the separate TOM document.

→ View TOM document