BETWEEN:

Elara Aerospace
Lothstraße 21
80335 Munich (Germany)
team@elara-aerospace.com
(“Data Controller”)

AND

3rd-party providers (such as Google, Hubspot, Meta & OpenStreetMap)
(“Data Processor”)

1. Introduction

1.1 This Data Processing Agreement (“DPA”) outlines the obligations and rights related to the processing of Personal Data by the Data Processor on behalf of the Data Controller in accordance with applicable data protection laws.

1.2 This DPA is an appendix to the main service agreement between the parties (“the Agreement”). In case of any conflict between this DPA and the Agreement, this DPA shall prevail.

2. Purpose and Scope

2.1 The Data Processor shall process Personal Data solely for the purpose of fulfilling its obligations under the Agreement and in compliance with the instructions provided by the Data Controller.

2.2 The Data Controller remains the sole owner of all Personal Data and retains control over its processing.

3. Definitions

3.1 Personal Data: Any information relating to an identified or identifiable natural person.

3.2 Processing: Any operation or set of operations performed on Personal Data, including collection, storage, use, and deletion.

3.3 Data Subject: An individual whose Personal Data is processed under this DPA.

4. Obligations of the Data Processor

4.1 The Data Processor agrees to:

• Process Personal Data only on documented instructions from the Data Controller.
• Ensure that personnel authorized to process Personal Data are committed to confidentiality.
• Implement appropriate technical and organizational measures to protect Personal Data against unauthorized access or processing.

4.2 The Data Processor shall assist the Data Controller in ensuring compliance with its obligations under applicable data protection laws, including responding to requests from Data Subjects.

5. Rights and Responsibilities of the Data Controller

5.1 The Data Controller is responsible for ensuring that it has a lawful basis for processing Personal Data and that it provides clear instructions to the Data Processor regarding such processing.

5.2 The Data Controller must inform the Data Processor promptly if it becomes aware of any breach of Personal Data or if it receives a request from a Data Subject regarding their rights.

6. Subprocessing

6.1 The Data Processor may engage subprocessors to assist in processing Personal Data, provided that:

• The subprocessor is bound by written contractual obligations that provide at least the same level of data protection as this DPA.
• The Data Controller is notified of any intended changes concerning the addition or replacement of subprocessors.

7. Termination and Deletion of Personal Data

7.1 Upon termination of this DPA, the Data Processor shall delete or return all Personal Data to the Data Controller, unless otherwise required by law.

8. Governing Law

8.1 This DPA shall be governed by and construed in accordance with EU-GDPR regulations.