Configurix
Book a demo

Data Processing Agreement

Our standard Data Processing Agreement for Configurix customers.

This Data Processing Agreement (“DPA”) forms part of the agreement between the customer (“Controller”) and Configurix (“Processor”) for the use of the Configurix platform. It is concluded in accordance with Art. 28 GDPR.

1. Subject Matter

Configurix processes personal data on behalf of the Controller solely for the purpose of providing the Configurix Service, including 3D configuration, quoting, customer and project management, and related features.

2. Categories of Data Subjects

  • Employees of the Controller using the platform
  • The Controller's end customers
  • Business contacts and project participants

3. Types of Personal Data

  • Contact data (name, email, phone, company, address)
  • Project and configuration data
  • Communication and document data
  • Technical data (IP address, log files, device info)

4. Obligations of the Processor

  • Process personal data only on documented instructions from the Controller
  • Ensure confidentiality of persons authorized to process the data
  • Implement appropriate technical and organizational measures (Art. 32 GDPR)
  • Assist the Controller with data subject requests and security obligations
  • Notify the Controller without undue delay of any personal data breach

5. Sub-Processors

The Controller authorizes Configurix to engage sub-processors (e.g. hosting, email delivery, analytics). A current list is available on request. Configurix imposes equivalent data-protection obligations on all sub-processors and remains liable for their performance.

6. International Transfers

Personal data is hosted within the European Union or in jurisdictions ensuring an adequate level of protection. Where transfers to third countries occur, they are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

7. Security Measures

  • TLS/HTTPS encryption in transit
  • Encrypted storage and regular backups
  • Role-based access control and audit logging
  • Continuous monitoring and incident response

8. Return or Deletion of Data

Upon termination of the underlying agreement, Configurix will, at the Controller's choice, delete or return all personal data, subject to legal retention obligations.

9. Audit Rights

The Controller may verify Configurix's compliance with this DPA by requesting documentation or, where reasonably necessary, conducting an audit upon prior written notice.

10. Contact

To request a signed copy of this DPA or to discuss specific clauses, contact info@configurix.com or office@configurix.de.