Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between Pitchroom ApS, CVR 46441222 ("Data Processor" or "Pitchroom") and the registered user of the Platform ("Data Controller" or "User").

Scope and Purpose

This DPA applies when Pitchroom processes Personal Data on behalf of the User while providing the Pitchroom fundraising platform. The User acts as the Data Controller, determining the purpose and means of processing. Pitchroom acts as the Data Processor, processing data solely on the User's documented instructions.

Details of Processing

Subject Matter

The provision of the Pitchroom platform, including hosting pitch decks, videos, and contact lists, and tracking engagement metrics.

Duration

For the duration of the User's active subscription or account on the Platform.

Nature and Purpose

To facilitate the sharing of fundraising materials and track investor interactions on behalf of the User.

Types of Personal Data

Names, email addresses, phone numbers, IP addresses, and platform engagement data (e.g., document viewing time, video play rates) of the investors or contacts uploaded by the User.

Categories of Data Subjects

The User's potential investors, partners, clients, or other third-party contacts.

Obligations of the Data Processor (Pitchroom)

Pitchroom agrees to:

  • Process the Personal Data only on documented instructions from the User, unless required to do so by EU or Danish law.
  • Ensure that persons authorized to process the Personal Data (e.g., employees) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, protecting data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure.

Sub-processors

The User grants Pitchroom general written authorization to engage third-party sub-processors (e.g., cloud hosting providers) to fulfill its contractual obligations. Pitchroom will:

  • Enter into a written agreement with any sub-processor imposing the same data protection obligations as set out in this DPA.
  • Remain fully liable to the User for the performance of the sub-processor's obligations.
  • Notify the User of any intended changes concerning the addition or replacement of sub-processors, giving the User the opportunity to object.

Assistance to the Data Controller

Taking into account the nature of the processing, Pitchroom will assist the User by:

  • Implementing appropriate technical measures to help the User fulfill obligations to respond to requests from Data Subjects exercising their GDPR rights (e.g., right to access, right to be forgotten).
  • Assisting in ensuring compliance with obligations regarding data security, personal data breach notifications, and data protection impact assessments.

Personal Data Breaches

In the event of a confirmed Personal Data breach affecting the User's data, Pitchroom will notify the User without undue delay after becoming aware of it. Pitchroom will provide reasonable assistance to help the User investigate and report the breach to the relevant supervisory authority (e.g., Datatilsynet).

Deletion or Return of Data

Upon termination of the User's account or at the end of the provision of services, Pitchroom will, at the choice of the User, delete or return all Personal Data to the User, and delete existing copies unless EU or Danish law requires storage of the Personal Data.

Audits and Inspections

Pitchroom will make available to the User all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User.