Data Processing
Last Updated Feb, 9th 2025 - Register of Categories of Processing Activities (Article 30.2 GDPR)
In compliance with Article 30(2) of the GDPR, DinMo, acting as a Data Processor, maintains the following record of processing activities performed on behalf of Customers (Data Controllers):
1. Contact Details of the Data Processor
Category
Details
Name of Processor
DinMo
Address
60 Rue François 1er, 75008, Paris, France
Data Protection Officer (DPO) Contact
2. Categories of Processing Activities
Processing Activity
Purpose of Processing
Categories of Personal Data
Categories of Data Subjects
Legal Basis for Processing
Data Sync
Synchronizing customer data between DinMo's Customer data sources (e.g., BigQuery, Snowflake) and marketing destinations (CRM, advertising platforms).
Unique identifiers (e.g., hashed emails, customer IDs), in some cases contact details.
Customers’ end users, leads, prospects, employees.
Performance of contract (Art. 6(1)(b)), Legitimate Interest (Art. 6(1)(f))
Audience Segmentation & Transformation
Enabling Customers to create and activate custom audiences for marketing and analytics.
Customer-provided audience segmentation attributes (e.g., purchase history, engagement behavior).
End users, leads, prospects.
Legitimate Interest (Art. 6(1)(f))
Prediction Model Training
DinMo temporarily processes customer data to build predictive models for audience segmentation, customer scoring, and marketing optimization. All processing occurs within the customer’s data warehouse or DinMo’s EU-based infrastructure.
Customer-provided attributes (e.g., transaction history, engagement behavior, demographics)
End users, leads, prospects.
Performance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)) where required
Inference Storage & Prediction Execution
After model training, DinMo does not store raw customer data. Instead, only inference parameters (e.g., model weights, scoring functions) are retained to generate predictions in real-time or batch mode. Inferences can be executed within the customer’s data warehouse or DinMo’s EU infrastructure
Model-generated insights (e.g., likelihood scores, customer propensity predictions.
End users, leads, prospects.
Performance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)) where required
Security & Monitoring
Ensuring platform security, monitoring unauthorized access, and preventing fraud.
User access logs, IP addresses, timestamps.
Customer employees, platform users.
Compliance with legal obligations (Art. 6(1)(c)), Legitimate Interest (Art. 6(1)(f))
Customer Support & Troubleshooting
Investigating issues related to data synchronization, resolving errors.
Meta-data about records processed (e.g., timestamp, process status).
Customer employees, platform users.
Performance of contract (Art. 6(1)(b))
3. Categories of Recipients of Personal Data
Recipient Type
Purpose
Location
Sub-Processors (Infrastructure Providers)
Hosting, computing power, storage
Google Cloud Platform (GCP), AWS (EU-based infrastructure)
Marketing, Support, CRM and any Customer Platforms
Data activation via Customer-defined integrations
Customer-controlled destinations
Security & Monitoring Tools
Log analysis, fraud detection, anomaly detection
Cloud-based security services
4. International Transfers of Personal Data
Transfer Type
Location
Safeguard Mechanism
Customer-directed transfer to destiantion platforms
May include US, UK, or third countries, depending on the Customer’s choice of destinations
Customer responsible for ensuring compliance (e.g., SCCs, Data Privacy Framework)
Processing by DinMo's Sub-Processors
European Economic Area (EEA) by default
EEA-based processing, SCCs if required
DinMo does not store or retain Personal Data on its own servers but facilitates transfers between Customer used systems.
5. Security & Technical Measures
Security Measure
Description
Encryption
TLS 1.2+ for data in transit, AES-256 for data at rest (where applicable).
Access Controls
Role-based access, Multi-Factor Authentication (MFA), logging of access events.
Data Minimization
Personal Data is only processed as instructed by the Customer; retention policies are strictly followed.
Incident Response
24/7 monitoring, breach notification within 48 hours of awareness.
Independent Certifications
SOC 2, ISO 27001 compliance for cloud providers.
6. Retention & Deletion of Personal Data
Data Type
Retention Policy
Personal Data processed within the DinMo platform
Processed only in transit; not stored.
Metadata & Logs (for debugging, compliance purposes)
Stored for up to 12 months, unless required longer by law.
Customer-directed data transfers
Subject to Customer’s retention policies on the destination platform.
Upon termination of the Agreement, DinMo will:
Delete or return Personal Data within 30 days (unless otherwise required by law).
Provide confirmation of deletion upon request.
7. Sub-Processor Security & Compliance
DinMo works with carefully selected sub-processors that implement at least the same level of data protection and security as DinMo. We require them to maintain recognized industry safeguards and adhere to independent security certifications, such as those ensuring robust confidentiality, integrity, and availability of data (SOC 2 Type II, ISO 27001, and other relevant certifications).
8. Contact Information for Data Protection Queries
For any data protection inquiries, audits, or compliance concerns, Customers may contact:
📧 Email: privacy@dinmo.com 🛡️ Data Protection Officer (DPO): Alexandra Augusti, alexandra@dinmo.com
Last updated