Data Processors and their DPA resources

This collection aims to help you with establishing GDPR compliance by concluding the required Data Processing Agreements (DPA) between you and the services processing personal data on your behalf (“Data Processors”).

The list is curated by Joschi Kuphal, Sebastian Greger and Baltasar Cevc and complements their current workshop series about data protection and ethical design issues. ⚠ It is meant as a tool to get a quick entry and first orientation only. It does not replace a thorough and independent check of your individual legal requirements. ⚠

Contribute

Please send in pull requests (learn how) for updates and additions. For instance, you may suggest additional data processors, resources or URLs to conversations and official statements on the web. Please understand that we can only accept URLs that point to the data processors’ official websites or social media profiles (we will only quote non-published information as comments that we have retrieved ourselves first-hand). Thanks for your support! 🙇

Alphabetical list

Data Processor Status Resources Comment
1und1 🔍 German DPA  
Adobe 🔍 English Online Form  
Algolia English DPA (PDF)
GDPR information
 
All-Inkl.com Pre-filled download from customer’s Members Area (Stammdaten › Auftragsverarbeitung).  
Amazon AWS English website
German website
 
Atlassian Cloud English website DPA available on request for Atlassian Cloud customers
Automattic English Support Article  
billbee German blog post about their future plans regarding their GDPR implementation.  
Cloudflare English DPA (PDF)  
DigitalOcean English DPA
Detailed information about data security
 
DomainFactory German DPA (PDF)
German blog posts 1, 2
 
Dropbox 🔍 English DPA for Business Accounts (PDF) Only Business accounts are supported; Standard, Plus and Professional accounts do not have the ability to sign a DPA.
etracker German DPA The DPA can be concluded online under account settings
Eventbrite Data Processing Addendum (DPA) for Organizers Privacy Shield; It should be double-checked in how far the addendum is truly and reliably binding
Fullstory Online Form Privacy Shield
Gravatar English Support Article Part of Automattic
Github English forum entry
Contact form
Privacy Shield.
DPA for organisations available on request via support contact.
Gmail (via G Suite) G Suite Administrator Help (multiple languages)  
Google Analytics DPA instructions  
Hetzner English news article
German news article
 
Host Europe German DPA  
Hotjar English DPA  
Hubspot English DPA  
Issuu “we are working on becoming GDPR compliant” and we “will update them as soon as we have all of our changes and new policies in place”
KeyCDN General Information
English Tweet stating they will provide a DPA which will be available in May
“Our privacy team is continually reviewing our features and practices to ensure we support our customers with their GDPR compliance requirements.”
LinkedIn English DPA
French DPA
German DPA
Spanish DPA
Portuguese DPA
Privacy Shield; DPA incorporated into the “LinkedIn Contract”
Mailjet English FAQ  
Mailchimp English Online Form Privacy Shield
Mandrill English Online Form  
Manitu German website DPA available online  
Mapbox Can be obtained via email to privacy@mapbox.com  
MaxCDN English website  
MaxCluster Download via Customer Backend  
micropayment Online Form for registered / logged-in users  
Mittwald Comment in German blog post, available from customer service  
Mouseflow Contact form  
Netcup German Wiki  
Netlify English Tweet, stating they will post a DPA very soon. Privacy Shield
Newsletter2Go German Website  
Postmark English Website, DPA available online Privacy Shield
“We reviewed our data processing activities, and are making any changes that are needed in advance of the GDPR effective date.”
Salesforce English Website, English DPA (PDF) Privacy Shield
Scopevisio German DPA  
Simplecast Data Processing Addendum DPA – Including EU Standard Contractual Clauses)
Slack Data Processing Addendum Privacy Shield
Strato German Website  
Stripe Data Processing Addendum (you need to be logged into your account to accept it)
English Privacy Shield Policy
Stripe Services Agreement (multilingual)
Privacy Shield
TinyLetter English Online Form Privacy Shield; part of Mailchimp
Toggl Promises to be “fully be GDPR compliant by the May deadline”, but “doesn’t feel that a DPA is needed at this time”. At the moment it’s unclear how this solution will look like and whether it’s going to be truly GDPR compliant.
Trello English forum entry stating that there will be a DPA until May 2018
Trello and GDPR (multiple languages)
Revised Privacy Policy (multiple languages; effective as of May 25th, 2018)
Trust @ Trello
Privacy Shield; part of Atlassian
Twilio 🔍 Online Form (Preview) (English) Privacy Shield
TypeKit 🔍 Online Form (English) Part of Adobe
Travis CI English DPA  
Uberspace German DPA, can be signed via the dashboard  
Webgo Online Form  
WebhostOne German FAQ  
Wordpress.com English Support Article Run by Automattic
WPengine English DPA  
Zapier English support article
GDPR Compliance Updates
We at Zapier wholeheartedly support the privacy rights of our customers and our users and are proactively working toward GDPR compliance by May 25th, 2018.
Zendesk English FAQ support article “Zendesk will be compliant with the GDPR when it becomes enforceable in May 2018.

Legend

Symbol Meaning
It’s currently unknown whether or not this service provides a GDPR compliant DPA
As far as the curators know, the data processor is busy with unspecified preparations for what they believe is GDPR-compliant; this may or may not include a DPA
🔍 The curators are currently reviewing the specified resources
This service provides a DPA that it declares to be GDPR compliant
This service doesn’t provide a GDPR compliant DPA (whether or not that’s a valid state)