Data Processing Agreement (DPA)
Nexa Lab AI Marketing Agency Data Processing Agreement (DPA)
Version 1.0: Valid for all clients purchasing services from Nexa Lab AI Marketing Agency.
1. Parties to the Agreement
This Data Processing Agreement (“Agreement“) is entered into between:
Processor
Nexa Lab AI Marketing Agency
Owner: Nino Gkagkniasvili
Business address: Offenbachstraße 7, Stuttgart 70195, Germany
Email: contact@nexalabai.com
(the “Processor” or “Nexa Lab”)
Controller
Client Name: ___________________________________
Client Company (if applicable): _______________________________
Client address: ________________________________________
Client Email: _______________________________________
(the “Controller” or “Client”)
Both are referred to as the Parties.
2. Subject Matter
This Agreement governs the processing of personal data by Nexa Lab AI Marketing Agency in connection with the delivery of:
· AI-assisted content creation
· Marketing services
· Social media management
· Automation workflows
· Campaign execution
· Analytics and performance tracking
All processing is performed exclusively on behalf of the Client.
3. Duration
This Agreement remains in effect for the entire duration of the service relationship and continues until personal data is deleted or returned to the Client.
4. Nature and Purpose of Processing
Nexa Lab AI Marketing Agency processes data solely for the purpose of:
· Managing social media accounts
· Creating and publishing content
· Running marketing campaigns
· Performing analytics
· Executing automation workflows
· Communicating with the Client
· Delivering the purchased services
No data will be processed for any other purpose.
5. Types of Data Processed
Data may include:
· Names and contact details
· Email addresses
· Social media usernames
· Branding files (logo, brand colors, templates)
· Engagement & analytics data
· Content materials provided by the Client
· Login credentials for accounts (if voluntarily provided)
· Any other information required for service fulfillment
6. Categories of Data Subjects
· Client representatives
· Employees of the Client
· Customers, viewers, or followers of the Client (non-identifiable)
· Individuals interacting with the Client’s social media content
7. Obligations of the Processor (Nexa Lab)
Nexa Lab shall:
1. Process personal data only according to the Client’s documented instructions.
2. Ensure confidentiality of all personal data.
3. Implement appropriate technical and organizational security measures.
4. Notify the Client without undue delay of any data breach.
5. Ensure that all staff with access to the data are bound by confidentiality.
6. Not use the data for any purpose other than service delivery.
7. Not transfer data to third countries without adequate protection.
8. Immediately inform the Client if an instruction violates applicable data protection laws.
8. Technical and Organizational Measures (TOMs)
Nexa Lab uses the following security measures:
· Password-protected systems
· Two-factor authentication where available
· Encrypted cloud storage (Google Drive)
· Access restriction based on necessity
· Secure communication channels
· Regular password updates
· Industry-standard data security practices
9. Use of Sub-Processors
The Client acknowledges and agrees that Nexa Lab uses the following sub-processors:
· Google Workspace/Drive
· Notion
· Stripe
· Make.com
· Framer
· Metricool
· PhotoRoom AI
· Leonardo AI
· Midjourney
These sub-processors may change; Nexa Lab will maintain an up-to-date list available upon request.
All sub-processors provide adequate data protection measures.
10. Client Responsibilities
The Client shall:
· Ensure they have a legal basis to supply personal data to Nexa Lab
· Provide accurate and lawful data
· Securely provide the necessary access credentials
· Notify Nexa Lab of any erasure, correction, or Access requests
· Review and approve content before publication
11. Rights of Data Subjects
Nexa Lab will assist the Client in fulfilling:
· Access requests
· Rectification requests
· Deletion requests
· Data portability
· Objection requests
Any requests received by Nexa Lab will be forwarded to the Client without delay.
12. Return or Deletion of Data
Upon termination of the service contract, Nexa Lab will:
· Delete or return all personal data within 30 days,
· Unless legal retention periods require longer storage.
Backups will be securely removed according to industry standards.
13. International Data Transfers
Data may be transferred internationally depending on the sub-processors used. All transfers outside the EU are protected by:
· Standard Contractual Clauses
· Adequacy Decisions
· Industry-leading security measures
14. Liability
Nexa Lab’s liability is limited to:
· Intent
· Gross negligence
Nexa Lab is not liable for:
· Platform outages (Meta, TikTok, Google, etc.)
· Algorithm changes
· Content accuracy provided by AI tools
· Client-side security breaches
· Incorrect or incomplete data provided by the Client
15. Governing Law
This Agreement is governed exclusively by the laws of Germany.
The exclusive place of jurisdiction for all disputes arising from this Agreement is Stuttgart, Germany.
(This is standard practice for international service providers operating from the EU.)
16. Acceptance
This Agreement becomes binding upon the Client by:
· Completing a purchase
· Using Nexa Lab services
· Clicking “I accept the Data Processing Agreement” during checkout
· Accessing any deliverables provided by Nexa Lab
No physical signature is required.
End of Agreement
Nexa Lab AI Marketing Agency