πŸ‡«πŸ‡· Legal Notice: This English version is provided for convenience only. In case of any discrepancy, the French version shall prevail and be legally binding.

Data Processing Agreement (DPA)

Data Processing Agreement - GDPR Article 28

Last updated: January 4, 2026

1. Object and Definitions

1.1 Object

This agreement defines the conditions under which Askelia SASU ("SoWasIt") processes personal data on behalf of the Client as part of providing the blockchain timestamping service.

1.2 Definitions

  • Data controller: The Client who determines the purposes and means of processing
  • Processor: Askelia SASU which processes personal data on behalf of the Client
  • Personal data: Any information relating to an identified or identifiable natural person
  • Regulation: GDPR and any applicable regulation regarding data protection

2. Processing Description

2.1 Nature and Purpose

  • Collection and cryptographic timestamping of data
  • Secure storage of information
  • Provision of verification services
  • Access management according to Client-defined parameters

2.2 Data Categories

Personal data processed depends on Client usage and may include any information provided through the service.

2.3 Data Subject Categories

According to Client's use of the service: customers, employees, partners, or any person whose data the Client processes.

3. Processor Obligations

3.1 Processing Instructions

SoWasIt undertakes to:

  • Process data only according to Client instructions via service usage
  • Inform the Client if an instruction appears contrary to regulation
  • Not use personal data for purposes other than service provision

3.2 Confidentiality

SoWasIt guarantees personal data confidentiality according to parameters chosen by the Client (public or private chains).

3.3 Security

SoWasIt implements appropriate security measures:

  • Data transmission security
  • Hosting infrastructure protection
  • Access controls adapted to chain type
  • Backup and continuity measures

4. Sub-processing

4.1 Authorized Sub-processors

The Client authorizes the use of the following sub-processors:

  • OVH SAS: Infrastructure hosting (France/EU)
  • Stripe: Payment processing
  • Email providers: Notification sending

4.2 New Sub-processor

Any use of a new sub-processor will be subject to Client information.

5. International Transfers

Data is primarily processed within the European Union. Any transfer to a third country respects appropriate guarantees required by regulation.

6. Data Subject Rights

6.1 Assistance

SoWasIt assists the Client as far as possible to respond to data subject rights exercise requests.

6.2 Technical Specificities

Certain requests may be limited by blockchain technical characteristics. SoWasIt provides technical information necessary to understand these limitations.

7. Data Breach

In case of personal data breach, SoWasIt informs the Client as soon as possible and cooperates to assess impact and measures to take.

8. Impact Assessment

SoWasIt provides technical information necessary to enable the Client to perform data protection impact assessments.

9. Control and Audit

SoWasIt makes available reasonably necessary information to demonstrate compliance and allows audits according to terms to be agreed.

10. Duration and End of Processing

10.1 Duration

This agreement applies throughout the service contract duration.

10.2 Data Fate

At contract end, data is returned to the Client in exploitable format or destroyed according to instructions, subject to legal obligations and technical blockchain constraints.

11. Liability

Each party is responsible for breaches of obligations incumbent upon them under data protection regulation, within limits provided by general service conditions.

12. Modification

This agreement may be modified in case of service or applicable regulation evolution.

13. Contact

For any questions regarding this DPA:

  • Email: dpa@sowasit.io
  • General contact: contact@sowasit.io

This DPA complements the SoWasIt service terms and conditions.