# Data Processing In compliance with **Article 30(2) of the GDPR**, **DinMo**, acting as a **Data Processor**, maintains the following record of processing activities performed on behalf of **Customers (Data Controllers)**: *** #### **1. Contact Details of the Data Processor** | **Category** | **Details** | | ----------------------------------------- | ----------------------------------------- | | **Name of Processor** | **DinMo** | | **Address** | 60 Rue François 1er, 75008, Paris, France | | **Data Protection Officer (DPO) Contact** | | *** #### **2. Categories of Processing Activities**
Processing ActivityPurpose of ProcessingCategories of Personal DataCategories of Data SubjectsLegal Basis for Processing
Data SyncSynchronizing customer data between DinMo's Customer data sources (e.g., BigQuery, Snowflake) and marketing destinations (CRM, advertising platforms).Unique identifiers (e.g., hashed emails, customer IDs), in some cases contact details.Customers’ end users, leads, prospects, employees.Performance of contract (Art. 6(1)(b))
Audience Segmentation & TransformationEnabling Customers to create and activate custom audiences for marketing and analytics.Customer-provided audience segmentation attributes (e.g., purchase history, engagement behavior).End users, leads, prospects.Performance of contract (Art. 6(1)(b))
Prediction Model TrainingDinMo temporarily processes customer data to build predictive models for audience segmentation, customer scoring, and marketing optimization. All processing occurs within the customer’s data warehouse or DinMo’s EU-based infrastructure.Customer-provided attributes (e.g., transaction history, engagement behavior, demographics)End users, leads, prospects.Performance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)) where required
Inference Storage & Prediction ExecutionAfter model training, DinMo does not store raw customer data. Instead, only inference parameters (e.g., model weights, scoring functions) are retained to generate predictions in real-time or batch mode. Inferences can be executed within the customer’s data warehouse or DinMo’s EU infrastructureModel-generated insights (e.g., likelihood scores, customer propensity predictions.End users, leads, prospects.Performance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)) where required
Security & MonitoringEnsuring platform security, monitoring unauthorized access, and preventing fraud.User access logs, IP addresses, timestamps.Customer employees, platform users.Compliance with legal obligations (Art. 6(1)(c)), Legitimate Interest (Art. 6(1)(f))
Customer Support & TroubleshootingInvestigating issues related to data synchronization, resolving errors.Meta-data about records processed (e.g., timestamp, process status).Customer employees, platform users.Performance of contract (Art. 6(1)(b))
*** #### **3. Categories of Recipients of Personal Data** | **Recipient Type** | **Purpose** | **Location** | | ------------------------------------------------------ | ------------------------------------------------- | -------------------------------------------------------------- | | **Sub-Processors (Infrastructure Providers)** | Hosting, computing power, storage | **Google Cloud Platform (GCP), AWS (EU-based infrastructure)** | | **Marketing, Support, CRM and any Customer Platforms** | Data activation via Customer-defined integrations | **Customer-controlled destinations** | | **Security & Monitoring Tools** | Log analysis, fraud detection, anomaly detection | **Cloud-based security services** | *** #### **4. International Transfers of Personal Data** | **Transfer Type** | **Location** | **Safeguard Mechanism** | | ------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | | **Customer-directed transfer to destination platforms** | May include **US, UK, or third countries**, depending on the Customer’s choice of destinations | **Customer responsible for ensuring compliance (e.g., SCCs, Data Privacy Framework)** | | **Processing by DinMo's Sub-Processors** | **European Economic Area (EEA) by default** | **EEA-based processing, SCCs if required** | DinMo does **not store** or **retain** Personal Data on its own servers but **facilitates transfers between Customer used systems**. *** #### **5. Security & Technical Measures** | **Security Measure** | **Description** | | ------------------------------ | ------------------------------------------------------------------------------------------------------------ | | **Encryption** | **TLS 1.2+ for data in transit, AES-256 for data at rest (where applicable).** | | **Access Controls** | **Role-based access, Multi-Factor Authentication (MFA), logging of access events.** | | **Data Minimization** | **Personal Data is only processed as instructed by the Customer; retention policies are strictly followed.** | | **Incident Response** | **24/7 monitoring, breach notification within 48 hours of awareness.** | | **Independent Certifications** | **SOC 2, ISO 27001 compliance for cloud providers.** | *** #### **6. Retention & Deletion of Personal Data** | **Data Type** | **Retention Policy** | | -------------------------------------------------------- | ------------------------------------------------------------------------- | | **Personal Data processed within the DinMo platform** | **Processed only in transit; not stored.** | | **Metadata & Logs (for debugging, compliance purposes)** | **Stored for up to 12 months, unless required longer by law.** | | **Customer-directed data transfers** | **Subject to Customer’s retention policies on the destination platform.** | Upon termination of the Agreement, DinMo will: 1. **Delete or return Personal Data within 30 days** (unless otherwise required by law). 2. **Provide confirmation of deletion** upon request. *** #### **7. Sub-Processor Security & Compliance** DinMo works with **carefully selected sub-processors** that implement **at least the same level of data protection and security** as DinMo. We require them to maintain **recognized industry safeguards** and adhere to **independent security certifications**, such as those ensuring robust **confidentiality, integrity, and availability** of data (**SOC 2 Type II, ISO 27001, and other relevant certifications)**. *** #### **8. Contact Information for Data Protection Queries** For any **data protection inquiries, audits, or compliance concerns**, Customers may contact: **📧 Email:** \ 🛡️ **Data Protection Officer (DPO):** Alexandra Augusti,