The service is provided by DCO SRL (currently in incorporation), or its authorized representative during the incorporation phase.
1. Definitions
Terms such as “personal data”, “processing”, “controller”, and “processor” shall have the meaning defined in the General Data Protection Regulation (GDPR).
2. Subject Matter and Duration
This Agreement governs the processing of personal data by the Processor on behalf of the Controller for the purpose of providing the Dance Master Pro software service.
Processing will continue for the duration of the service subscription and until data deletion is completed in accordance with Section 10.
3. Nature and Purpose of Processing
The Processor processes personal data solely to provide the Dance Master Pro platform, including:
- Student and customer management
- Attendance tracking
- Staff and teacher administration
- Payment tracking and administrative records
- Operational notifications and reminders
4. Categories of Data Subjects
- Students
- Parents / guardians
- Staff and teachers
- Administrative users
5. Types of Personal Data
- Contact information (name, email, phone)
- Administrative records
- Attendance data
- Payment-related operational data
- Notes entered by the Controller (including compliance-related reminders)
6. Obligations of the Processor
The Processor shall:
- Process personal data only on documented instructions from the Controller
- Ensure confidentiality of persons authorized to process data
- Implement appropriate technical and organizational measures
- Assist the Controller in fulfilling GDPR obligations where applicable
- Not use the data for its own purposes
7. Security Measures
The Processor implements appropriate security measures, including:
- Encrypted HTTPS communication
- Role-based access control
- Authentication mechanisms
- Infrastructure protection measures
- Backup procedures
8. Subprocessors
The Controller authorizes the use of the following subprocessors:
- DigitalOcean – Cloud infrastructure (Frankfurt, Germany – FRA1)
- Stripe – Payment processing
The Processor ensures that subprocessors are selected with reasonable care and provide appropriate data protection safeguards.
9. Customer-Controlled Integrations
The service may allow integrations with third-party platforms such as Google Drive or Dropbox.
- These integrations are activated directly by the Controller
- Data is stored within the Controller’s own third-party accounts
- The Processor does not control or manage these environments
Such services are not considered subprocessors of the Processor, but independent services used directly by the Controller.
10. Data Retention and Deletion
- Upon subscription cancellation, access to the platform is immediately blocked
- Data enters a 30-day quarantine period
- After 30 days, data is permanently and irreversibly deleted
After deletion, personal data is no longer accessible or recoverable within the service.
11. Assistance to the Controller
The Processor will provide reasonable assistance to the Controller in responding to:
- Data access requests
- Data correction requests
- Data deletion requests
- Data export requests
12. Data Transfers
All primary data processing occurs within the European Union.
Where third-party services such as Stripe are used, data may be processed in accordance with their respective legal frameworks and safeguards.
13. Audit and Compliance
The Processor will make available reasonable information necessary to demonstrate compliance with this Agreement upon request.
14. Liability
Each party shall be responsible for its own compliance with applicable data protection laws.
15. Governing Law
This Agreement shall be governed by applicable European Union data protection laws and the laws applicable to the Processor once the company incorporation is completed.
16. Contact
For data protection matters:
Email: privacy@dancemasterpro.com
17. Acceptance
By using the Dance Master Pro service, the Controller acknowledges and accepts this Data Processing Agreement.