enENcsCZfrFRdeDEesESitIT

Data Processing Agreement (DPA)

Last updated: December 19, 2025

This Data Processing Agreement (“DPA”) is concluded in accordance with Article 28 of Regulation (EU) 2016/679 (GDPR).

1. Parties

Controller:
User of the PinnyBinny service (natural or legal person creating and managing boards).

Processor:
Jiří Horák
Company ID (IČO): 64754103
Place of business: Unhošť, Czech Republic
Contact email: support@pinnybinny.com

This DPA is concluded implicitly by using the PinnyBinny service, unless otherwise agreed between the parties.

2. Subject Matter of Processing

The subject of this DPA is the processing of personal data by the Processor on behalf of the Controller for the purpose of providing the PinnyBinny online service, in particular the operation of digital boards and storage of Content.

3. Duration of Processing

Personal data are processed for the duration of the user account or the existence of the Controller’s board. Upon termination, the data are deleted or anonymized without undue delay, unless retention is required by applicable law.

4. Nature and Purpose of Processing

  • storage and display of Board Content,
  • technical operation of the Service,
  • ensuring data security and integrity.

5. Categories of Personal Data

  • IP addresses of Contributors,
  • technical metadata of posts,
  • post content (texts, images, files).

6. Categories of Data Subjects

  • Board Contributors,
  • other third parties whose personal data are included in Content.

7. Processor Obligations

The Processor undertakes to:

  • process personal data only on documented instructions of the Controller,
  • ensure confidentiality of persons authorized to process personal data,
  • implement appropriate technical and organizational measures,
  • engage subprocessors only where necessary,
  • not disclose personal data to third parties without a legal basis.

8. Assistance and Rights

The Processor shall provide reasonable assistance to the Controller in fulfilling data subject rights and GDPR obligations.

9. Personal Data Breaches

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.

10. Audit

The Controller may request reasonable information regarding the technical and organizational measures implemented by the Processor. Any audit shall be limited to the extent necessary to verify GDPR compliance.

Ready to take control of discussions?

Create your first board for free in 30 seconds.

Get started now →