Data Processing Agreement

This summary applies when AESTHETECH Sp. z o.o. processes personal data on behalf of a client, for example, conversations captured by an agent on the client's website. It is summarised here; the binding DPA is signed with each client.

The client is the controller and decides why and how data is processed. AESTHETECH is the processor and acts only on the client's documented instructions.

We process visitor contact details and conversation content to provide the CRM and agent services. We engage sub-processors for hosting and infrastructure under equivalent obligations, and maintain an up-to-date list available on request.

Encryption in transit and at rest, role-based access control, PII redaction, audit logging, and least-privilege access. Personnel are bound by confidentiality.

International transfers rely on Standard Contractual Clauses. We assist the controller with data-subject requests and breach notification, and return or delete data on termination.