Data Processing Agreement (DPA)
Effective Date: 1 June 2025
This DPA applies when Lexagon Group GmbH or Lexagon Capital Partners Singapore Pte. Ltd. (each acting as a "Processor") processes personal data on behalf of a business customer (the "Controller") in connection with services provided under the DOTS&BITS brand, including those delivered via the dotsandbits.com website or related platforms.
-
Roles
Controller
You or your organization, acting as the data controller.
Processor
Depending on the location and scope of services:
-
Lexagon Group GmbH
Seestr. 45
82211 Herrsching
Germany
Registered in Germany
Email: [email protected]
-
Lexagon Capital Partners Singapore Pte. Ltd.
1 Scotts Road, 24-10
Singapore 228208
Registered in Singapore
Email: [email protected]
-
Subject Matter and Duration
This DPA governs the processing of personal data during the provision of services by DOTS&BITS to the Controller and remains valid as long as those services are provided.
-
Nature and Purpose of Processing
- Purpose: Delivering digital services (e.g., software development, hosting, support)
- Processing operations: Collection, storage, access, modification, deletion
- Types of data: Names, email addresses, login credentials, IP addresses, usage data
- Data subjects: End users, customers, employees of the Controller
-
Obligations of DOTS&BITS as Processor
DOTS&BITS will:
- Process personal data only on documented instructions from the Controller;
- Ensure that staff authorized to process personal data are bound by confidentiality;
- Implement appropriate technical and organizational security measures;
- Assist the Controller in fulfilling obligations regarding data subject rights and security (GDPR Articles 32–36);
- Delete or return all personal data upon termination of the services;
- Maintain records of processing activities in accordance with GDPR Article 30(2).
-
Use of Sub-Processors
DOTS&BITS may engage Sub-Processors to support service delivery. We will:
- Ensure Sub-Processors provide the same level of protection as this DPA;
- Maintain a list of Sub-Processors, available upon request;
- Notify Controllers of any intended changes and allow objections where reasonable.
-
International Data Transfers
Where personal data is transferred outside the EEA:
- DOTS&BITS ensures adequate safeguards such as Standard Contractual Clauses (SCCs);
- Transfers are only made to countries offering an adequate level of data protection, or where suitable contractual mechanisms are in place.
-
Controller Responsibilities
As the Controller, you are responsible for:
- Ensuring your instructions are lawful and compliant with data protection laws;
- Obtaining necessary consents from data subjects;
- Ensuring that the shared personal data is accurate, necessary, and limited to what is required.
-
Data Breach Notification
DOTS&BITS will:
- Notify the Controller without undue delay (no later than 48 hours) upon becoming aware of a personal data breach;
- Cooperate with the Controller to mitigate effects and meet regulatory requirements.
-
Audits and Inspections
The Controller may:
- Request summaries of audit reports or certifications (e.g., ISO/third-party audits);
- Conduct an on-site inspection or request documentation once per year with prior notice.
-
Termination and Data Return
Upon termination of services:
- DOTS&BITS will, at the Controller’s request, securely delete or return all personal data;
- Retention will only occur where required by law.
-
Governing Law and Jurisdiction
This DPA is governed by the laws:
- of Germany, if services are provided by Lexagon Group GmbH;
- of Singapore, if services are provided by Lexagon Capital Partners Singapore Pte. Ltd.
Any disputes shall be subject to the exclusive jurisdiction of the respective competent courts in Germany or Singapore, depending on the Processor entity involved.
-
Contact
For data protection inquiries, please contact our Data Protection Officer:
EU: [email protected]
Asia: [email protected]
-
Download PDF
You may download our standard DPA here for your records.
