Data Processing Agreement

Subject Matter and Duration of Processing

ReadyPass Kft. processes personal data solely for the purpose of providing the DPP services, for the duration of the service contract, in accordance with the documented instructions of the controller.

Instructions of the Controller

ReadyPass Kft. processes personal data solely on the basis of the written instructions of the controller, unless the processing is required by EU or member state law.

Sub-Processors Engaged

ReadyPass Kft. engages the following additional processors, all operating exclusively within the EEA:

• Cloud infrastructure: Amazon Web Services EMEA SARL (EU region, Frankfurt)
• eIDAS qualified trust service provider for electronic signatures (EU)
• Error tracking, monitoring, and security service provider (EU)

Technical and Organizational Measures

We apply the appropriate security measures under Article 32 of the GDPR:

• Encryption at rest and in transit (AES-256, TLS 1.3)
• Role-based access control and multi-factor authentication
• Regular security testing and vulnerability assessment
• Notification of a data breach to the controller within 72 hours
• Confidentiality obligation of staff

Assistance with Data Subject Rights

ReadyPass Kft. assists the controller with appropriate technical and organizational measures in fulfilling requests for the exercise of data subject rights.

Handling of Data Breaches

Upon detecting a data breach, ReadyPass Kft. notifies the controller without undue delay, within 72 hours at the latest, and provides all relevant information.

Right to Audit

The controller is entitled to verify compliance with the data processing terms and to initiate audits, subject to reasonable prior notice.

Deletion and Return of Data

Upon termination of the service contract, ReadyPass Kft. will, at the controller's choice, delete or return all personal data within 30 days, unless retention is required by law.