Skip to main content
All CollectionsData discoveryData privacy and compliance
Cookie Information data processing agreement (DPA)
Cookie Information data processing agreement (DPA)

Learn what a data processing agreement (DPA) is, why it’s important, and how we approach it.

Updated over 4 months ago

At Cookie Information, we prioritize your data protection and compliance needs. With advancements in tracking technologies, such as server-side tracking, our consent log data used for documenting valid consent can, in some cases, be linked to analytics data stored within our customers’ analytics solutions. It’s only possible if customers link the data, not Cookie Information. This data may be considered personal data under the General Data Protection Regulation (GDPR).

When Cookie Information stores or processes personal data on behalf of our customers, we are considered data processors in a data protection context. That’s why it is now necessary for our customers to enter into a data processing agreement (DPA). The DPA is needed if you evaluate that you can link analytics data and consent log data. This usually happens if you use server-side tracking.

This article will explain what a DPA is, why it’s important, and how you can manage it easily with Cookie Information.

What is a data processing agreement (DPA)?

A data processing agreement (DPA) is a legal document under GDPR that defines the responsibilities, obligations, and protections involved in handling personal data. This binding agreement is signed between the data controller and the processor. DPAs are required when a data processor handles data on behalf of a controller.

Crucial aspects of a DPA involve:

  • Defining scope

  • Rights and responsibilities

  • Technical measures

  • Sub-contractual relationships

  • Annexes detailing security measures and sub-processors

Why a DPA is important

The DPA ensures that Cookie Information, as a data processor, handles your customer and users data in compliance with GDPR and other relevant regulations.

When you sign the DPA with Cookie Information, we guarantee that both your data and your users' personal data will be handled securely and in line with the privacy laws.

Who the DPA affects

The DPA affects all Cookie Information customers who use tracking technologies and link consent data to other analytics data as this data may be considered personal data under the GDPR.

What you need to do

You don’t need to do anything.

If you became our customer after August 8, 2024, your DPA was included in the contract and terms of service you signed with us.

If you became our customer before August 8, 2024, we’ll send you an email with all the details about the upcoming changes and inform you that we’ve added the DPA to your contract and terms of service.

How this affects my current service

No worries, your service won’t be interrupted. The DPA simply formalizes our commitment to data protection and GDPR compliance.

If you need a signed DPA, you can download it here.

If you have any questions about the Cookie Information data protection agreement, reach out to us at support@cookieinformation.com.

Related articles

Did this answer your question?