Vonde Studio AI

Data Processing Agreement (DPA)

Data Processing Agreement for the Vonde Studio AI platform

Effective date: May 20, 2026.

Introduction

This Data Processing Agreement ("Agreement") is entered into between the following parties:

Controller:

The customer or user using Vonde Studio AI services ("Controller")

and

Processor:
Vonde Technology, operated by KMAK Kelet-Magyarországi Adatközpont Kft. ("Processor")

1. Definitions

The definitions used in the GDPR (EU Regulation 2016/679) apply to this Agreement.

  • Personal data: information relating to an identified or identifiable natural person.
  • Processing: any operation performed on personal data, such as collection, storage, transfer, or deletion.
  • Data breach: unauthorized access, alteration, loss, or transfer of data.

2. Subject matter and duration of processing

The Processor processes personal data solely for the purpose of providing Vonde Studio AI services.

These services may include, among others:

  • marketing reports,
  • AI-powered analysis,
  • campaign performance analysis,
  • content creation,
  • AI image generation,
  • AI video generation,
  • multi-platform publishing,
  • workflow and reporting functions,
  • marketing system integrations.

Processing continues for the duration of the service or until termination initiated by the Controller.

3. Categories of personal data processed

The Processor may process the following types of data:

  • contact data (name, email address, phone number),
  • account and subscription data,
  • technical data (IP address, device information, browser data),
  • usage and analytics data,
  • marketing and campaign data,
  • data originating from integrated systems,
  • content management and workflow data.

4. Processor obligations

The Processor undertakes to:

  • act only on documented instructions from the Controller,
  • treat personal data confidentially,
  • implement appropriate technical and organizational measures,
  • ensure restricted access,
  • perform regular security checks,
  • notify the Controller without undue delay in the event of a personal data breach,
  • comply with GDPR and applicable data protection laws.

5. Sub-processors

The Processor may use third-party service providers and infrastructure, such as:

  • Amazon Web Services (AWS),
  • Google Cloud / Firebase,
  • Google Analytics,
  • Meta platforms,
  • OpenAI and AI infrastructure providers,
  • other marketing and analytics systems.

The Processor ensures that sub-processors undertake appropriate data protection obligations.

6. International data transfers

Where international data transfers occur, the Processor applies appropriate GDPR-compliant safeguards, including, where necessary, the EU-approved Standard Contractual Clauses.

7. Controller obligations

The Controller is responsible for:

  • ensuring a lawful basis for processing,
  • providing adequate information to data subjects,
  • fulfilling data subject rights under the GDPR,
  • the lawfulness of data handled in integrated systems.

8. Security measures

The Processor applies appropriate technical and organizational measures, including:

  • encrypted data connections,
  • access management,
  • permission levels,
  • regular security audits,
  • backups,
  • monitoring and logging,
  • role-based access controls.

9. Data breaches

In the event of a data breach, the Processor notifies the Controller without undue delay and cooperates in handling and mitigating the incident.

10. Support for data subject rights

The Processor supports the Controller in handling data subject requests, including:

  • access,
  • rectification,
  • erasure,
  • restriction,
  • data portability,
  • the right to object.

11. Termination of the service

Upon termination of the service, the Processor shall, based on the Controller’s instructions:

  • delete,
  • or return

the personal data processed, unless otherwise required by law.

12. Audit and compliance

The Controller is entitled, subject to prior coordination, to review the Processor’s processes and measures related to GDPR compliance.

13. Jurisdiction and applicable law

This Agreement is governed by European Union data protection laws, in particular the GDPR.

14. Amendments to the Agreement

We reserve the right to amend this DPA from time to time. Updated versions will be published on our website.

15. Contact

For questions related to data protection or this DPA, please contact:

Vonde Technology

KMAK Kelet-Magyarországi Adatközpont Kft.

H-5000 Szolnok, Szapáry utca 20.

Email: hello@vondestudio.com

By using Vonde Studio AI services, the parties accept the terms of this Data Processing Agreement.