Skip to content
Back to home
DPA Last updated: 2026-05-20

Data Processing Addendum

A summary of how Formspring processes personal information on behalf of its customers under Article 28 of the GDPR.

This page summarizes the key terms of our Data Processing Addendum. A full, countersignable DPA is available to customers on request and forms part of our agreement with you.

Download DPA summary (.txt)

Roles of the parties

When you collect personal information through Formspring forms, surveys, and funnels, you are the controller of that information under the GDPR. Formspring (Pixel & Process UG, haftungsbeschränkt) acts as your processor and processes that information only on your documented instructions.

Subject matter and duration

The processing covers receiving, storing, routing, analyzing, and deleting form submissions on your behalf, for the duration of your customer agreement with us.

Nature and purpose of processing

We process personal data only to provide the Formspring service: accepting submissions, screening them for spam and abuse, delivering notifications and webhooks, generating optional analytics and AI assistance you have enabled, and deleting data on your schedule. We do not use submission content for advertising and do not build advertising profiles.

Categories of data and data subjects

The data processed is determined by what you choose to collect in your forms, surveys, and funnels. Data subjects are the respondents who submit to those forms. You are responsible for ensuring you have a lawful basis to collect that data.

Technical and organizational measures

We maintain access controls, role-based permissions, private file storage, encryption in transit (TLS 1.2+) and at rest (AES-256), optional per-workspace encryption of sensitive fields, audit logging, backups, monitoring, and defined deletion processes designed to protect personal information.

Confidentiality

Personnel authorized to process customer data are bound by appropriate confidentiality obligations and access data only as needed to operate and support the service.

Sub-processors

We use the sub-processors listed on our sub-processors page. We will inform customers of material changes to that list where the agreement provides for it, and customers may object to a new sub-processor on reasonable data-protection grounds.

Data subject requests

We assist you, to the extent reasonably required by law and our agreement, in responding to requests from individuals exercising their data protection rights, including access, correction, deletion, and portability.

Personal data breaches

We will notify you without undue delay after becoming aware of a personal data breach affecting your data, and provide the information you reasonably need to meet your own notification obligations.

International transfers

Customer data and file uploads are stored and processed in the EU. Where an optional sub-processor involves a transfer outside the EU/EEA, that transfer is covered by an appropriate safeguard such as the Standard Contractual Clauses.

Return and deletion

On termination of your agreement, we delete or return customer personal data in line with your plan and configured retention settings, unless retention is required by law.

How to obtain the signed agreement

This page is a plain-language summary. The full Data Processing Addendum, suitable for signature, is provided on request - email info@pixelandprocess.de from the address associated with your account and we will send it for countersignature.

Request a signed copy

Need a signed copy for procurement or your legal team? Email info@pixelandprocess.de from your account address and we will send the full Data Processing Addendum for countersignature.

info@pixelandprocess.de
Privacy Policy/Terms of Service/DPA/Sub-processors/Cookie settings/Accessibility