Data Processing Agreement

Version: 2026-05-10 · GDPR Art. 28

This DPA forms part of the Terms of Service. The Customer is the controller; QBeat Technologies Ltd ("Metix") is the processor. By accepting the Terms at signup, the Customer accepts this DPA on behalf of itself and its affiliates that use the Service.

1. Scope and purpose

Metix processes personal data on the Customer's behalf solely to provide the Service set out in the Terms — operating the HR platform, supporting compliance with EU Directive 2023/970, running statutory reports the Customer requests, and providing support.

2. Subject matter, duration, nature, purpose

3. Categories of data subjects

4. Categories of personal data

5. Processor obligations (Art. 28(3))

6. International transfers

Where Metix or a sub-processor transfers personal data outside the EEA, the transfer is covered by Standard Contractual Clauses (Decision (EU) 2021/914) plus supplementary measures per the Schrems II analysis.

7. Sub-processors

The Customer authorises the following sub-processors. Changes are notified at least thirty days in advance with a right of reasonable objection.

Sub-processorServiceRegionTransfer
Hetzner Online GmbHCompute, storage, networkGermany / Finland (EU)Within EEA
Stripe Payments Europe LtdBillingIreland (with US affiliate)SCCs (US transfers)
ResendTransactional emailUnited StatesSCCs
Sentry GmbHError monitoringGermany (EU tier)Within EEA

8. Security

9. Data subject rights

Where a data subject contacts Metix directly, Metix forwards the request to the Customer without undue delay. Self-serve tools for access, rectification, export, and erasure are available.

10. Return or deletion of data

On termination, Metix gives the Customer thirty days to export data, then deletes or anonymises within ninety days, save where retention is required by law.

11. Conflict

In the event of conflict between this DPA and the Terms, this DPA prevails for matters of personal-data processing.