> For the complete documentation index, see [llms.txt](https://docs.dinmo.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.dinmo.io/security-and-privacy/privacy/data-processing.md). # Data Processing In compliance with **Article 30(2) of the GDPR**, **DinMo**, acting as a **Data Processor**, maintains the following record of processing activities performed on behalf of **Customers (Data Controllers)**: *** #### **1. Contact Details of the Data Processor** | **Category** | **Details** | | ----------------------------------------- | ----------------------------------------- | | **Name of Processor** | **DinMo** | | **Address** | 60 Rue François 1er, 75008, Paris, France | | **Data Protection Officer (DPO) Contact** | | *** #### **2. Categories of Processing Activities**
Processing ActivityPurpose of ProcessingCategories of Personal DataCategories of Data SubjectsLegal Basis for Processing
Data SyncSynchronizing customer data between DinMo's Customer data sources (e.g., BigQuery, Snowflake) and marketing destinations (CRM, advertising platforms).Unique identifiers (e.g., hashed emails, customer IDs), in some cases contact details.Customers’ end users, leads, prospects, employees.Performance of contract (Art. 6(1)(b))
Audience Segmentation & TransformationEnabling Customers to create and activate custom audiences for marketing and analytics.Customer-provided audience segmentation attributes (e.g., purchase history, engagement behavior).End users, leads, prospects.Performance of contract (Art. 6(1)(b))
Prediction Model TrainingDinMo temporarily processes customer data to build predictive models for audience segmentation, customer scoring, and marketing optimization. All processing occurs within the customer’s data warehouse or DinMo’s EU-based infrastructure.Customer-provided attributes (e.g., transaction history, engagement behavior, demographics)End users, leads, prospects.Performance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)) where required
Inference Storage & Prediction ExecutionAfter model training, DinMo does not store raw customer data. Instead, only inference parameters (e.g., model weights, scoring functions) are retained to generate predictions in real-time or batch mode. Inferences can be executed within the customer’s data warehouse or DinMo’s EU infrastructureModel-generated insights (e.g., likelihood scores, customer propensity predictions.End users, leads, prospects.Performance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)) where required
Security & MonitoringEnsuring platform security, monitoring unauthorized access, and preventing fraud.User access logs, IP addresses, timestamps.Customer employees, platform users.Compliance with legal obligations (Art. 6(1)(c)), Legitimate Interest (Art. 6(1)(f))
Customer Support & TroubleshootingInvestigating issues related to data synchronization, resolving errors.Meta-data about records processed (e.g., timestamp, process status).Customer employees, platform users.Performance of contract (Art. 6(1)(b))
*** #### **3. Categories of Recipients of Personal Data** | **Recipient Type** | **Purpose** | **Location** | | ------------------------------------------------------ | ------------------------------------------------- | -------------------------------------------------------------- | | **Sub-Processors (Infrastructure Providers)** | Hosting, computing power, storage | **Google Cloud Platform (GCP), AWS (EU-based infrastructure)** | | **Marketing, Support, CRM and any Customer Platforms** | Data activation via Customer-defined integrations | **Customer-controlled destinations** | | **Security & Monitoring Tools** | Log analysis, fraud detection, anomaly detection | **Cloud-based security services** | *** #### **4. International Transfers of Personal Data** | **Transfer Type** | **Location** | **Safeguard Mechanism** | | ------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | | **Customer-directed transfer to destination platforms** | May include **US, UK, or third countries**, depending on the Customer’s choice of destinations | **Customer responsible for ensuring compliance (e.g., SCCs, Data Privacy Framework)** | | **Processing by DinMo's Sub-Processors** | **European Economic Area (EEA) by default** | **EEA-based processing, SCCs if required** | DinMo does **not store** or **retain** Personal Data on its own servers but **facilitates transfers between Customer used systems**. *** #### **5. Security & Technical Measures** | **Security Measure** | **Description** | | ------------------------------ | ------------------------------------------------------------------------------------------------------------ | | **Encryption** | **TLS 1.2+ for data in transit, AES-256 for data at rest (where applicable).** | | **Access Controls** | **Role-based access, Multi-Factor Authentication (MFA), logging of access events.** | | **Data Minimization** | **Personal Data is only processed as instructed by the Customer; retention policies are strictly followed.** | | **Incident Response** | **24/7 monitoring, breach notification within 48 hours of awareness.** | | **Independent Certifications** | **SOC 2, ISO 27001 compliance for cloud providers.** | *** #### **6. Retention & Deletion of Personal Data** | **Data Type** | **Retention Policy** | | -------------------------------------------------------- | ------------------------------------------------------------------------- | | **Personal Data processed within the DinMo platform** | **Processed only in transit; not stored.** | | **Metadata & Logs (for debugging, compliance purposes)** | **Stored for up to 12 months, unless required longer by law.** | | **Customer-directed data transfers** | **Subject to Customer’s retention policies on the destination platform.** | Upon termination of the Agreement, DinMo will: 1. **Delete or return Personal Data within 30 days** (unless otherwise required by law). 2. **Provide confirmation of deletion** upon request. *** #### **7. Sub-Processor Security & Compliance** DinMo works with **carefully selected sub-processors** that implement **at least the same level of data protection and security** as DinMo. We require them to maintain **recognized industry safeguards** and adhere to **independent security certifications**, such as those ensuring robust **confidentiality, integrity, and availability** of data (**SOC 2 Type II, ISO 27001, and other relevant certifications)**. *** #### **8. Contact Information for Data Protection Queries** For any **data protection inquiries, audits, or compliance concerns**, Customers may contact: **📧 Email:** \ 🛡️ **Data Protection Officer (DPO):** Alexandra Augusti, --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.dinmo.io/security-and-privacy/privacy/data-processing.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.