Data Processing Addendum
Last updated: January 1, 2026
1. Introduction
This Data Processing Addendum ("DPA") forms part of the agreement between you ("Customer") and Getia AS ("Processor") for the use of ConsumerXLab services.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on personal data
- Controller: The entity that determines the purposes and means of processing
- Processor: The entity that processes personal data on behalf of the controller
3. Scope of Processing
The Processor shall:
- Process personal data only on documented instructions from the Customer
- Ensure that persons processing data are subject to confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist the Customer in responding to data subject requests
- Delete or return all personal data upon termination of services
4. Subprocessors
The Customer authorizes the Processor to engage subprocessors as listed in the Subprocessors List.
5. Security Measures
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and authentication
- Regular security assessments
- Incident response procedures
6. Data Breach Notification
In the event of a personal data breach, the Processor shall notify the Customer within 72 hours.
7. Contact
For questions about data processing, please contact us at [email protected]
Company: Getia AS (Org. nr: 926 610 198)
Address: At Mesh, Møllergata 6, 0179 Oslo, Norway