AriseNote

Data Processing Agreement

Last Updated: December 10, 2025

1. Introduction and Definitions

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer," "you," or "your") and Maksim Gusev (Einzelunternehmer), operating as AriseNote ("AriseNote," "we," "us," or "our").

This DPA applies when AriseNote processes Personal Data on behalf of Customer in connection with the provision of the AriseNote service ("Services"). This DPA is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and other applicable data protection laws.

1.1 Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person that AriseNote processes on behalf of Customer through the Services.
  • "Processing" means any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
  • "Controller" means the entity that determines the purposes and means of Processing Personal Data. For Personal Data from Notion databases, the Customer is the Controller.
  • "Processor" means the entity that Processes Personal Data on behalf of the Controller. For Personal Data from Notion databases, AriseNote is the Processor.
  • "Sub-processor" means any third-party processor engaged by AriseNote to Process Personal Data on behalf of Customer.
  • "Data Protection Laws" means all applicable laws and regulations relating to the Processing of Personal Data, including GDPR, UK GDPR, and CCPA.
  • "Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries approved by the European Commission.

1.2 Scope of DPA

This DPA applies to:

  • Customer Data: Personal Data contained in Notion databases that Customer grants AriseNote access to through the Notion integration
  • Widget Configurations: Settings and configurations you create for displaying widgets
  • User Information: Information about the user or users managing the AriseNote account

This DPA does not apply to AriseNote's own collection and processing of Personal Data for which AriseNote is the Controller (such as account registration information, billing information, and service usage analytics). Such processing is governed by our Privacy Policy.

1.3 Order of Precedence

In the event of any conflict or inconsistency between this DPA and the Terms of Service, this DPA shall take precedence with respect to the Processing of Personal Data.

2. Roles and Responsibilities

2.1 Customer as Controller

For Personal Data from Notion databases:

  • Customer is the Controller and determines what Personal Data is processed by granting AriseNote access to specific Notion pages and databases
  • Customer is responsible for:
    • Ensuring it has a lawful basis for Processing Personal Data
    • Obtaining all necessary consents from Data Subjects
    • Complying with Data Protection Laws in its use of the Services
    • Providing legally adequate privacy notices to Data Subjects
    • Determining which Notion databases to connect to AriseNote
    • Ensuring it has authority to share the Personal Data with AriseNote

2.2 AriseNote as Processor

For Personal Data from Notion databases:

  • AriseNote is the Processor and Processes Personal Data only on documented instructions from Customer
  • AriseNote's documented instructions are:
    • To read and temporarily cache database contents for the purpose of displaying widgets as configured by Customer
    • To perform operations necessary to provide the Services as described in the Terms of Service
    • To comply with applicable legal obligations

AriseNote will not:

  • Process Personal Data for any purpose other than providing the Services to Customer
  • Sell Personal Data to third parties
  • Use Personal Data to train AI or machine learning models
  • Share Personal Data except as authorized in this DPA or required by law

2.3 Customer Instructions

Customer instructs AriseNote to Process Personal Data as follows:

  1. Purpose: To provide the AriseNote service, including reading Notion database contents and displaying them through interactive widgets as configured by Customer
  2. Duration: For the duration of Customer's subscription and as necessary to provide the Services
  3. Nature of Processing:
    • Reading database contents from Notion API in real-time
    • Temporarily caching data for performance (less than 24 hours)
    • Displaying data through widgets according to Customer's configuration
    • Storing widget configuration settings
  4. Type of Personal Data: Any Personal Data contained in Notion databases that Customer grants AriseNote access to, which may include:
    • Names, email addresses, phone numbers
    • Job titles, company information
    • Task descriptions, project notes
    • Any other information Customer chooses to store in connected databases
  5. Categories of Data Subjects: Any individuals whose Personal Data is contained in Customer's Notion databases, which may include:
    • Customer's employees, contractors, or team members
    • Customer's clients or business contacts
    • Any other individuals whose information is stored in connected databases

Customer acknowledges that AriseNote relies on Customer to provide lawful instructions. If Customer believes AriseNote is Processing Personal Data in violation of Data Protection Laws, Customer must immediately notify AriseNote.

3. Data Security and Confidentiality

3.1 Security Measures

AriseNote implements appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful Processing, accidental loss, destruction, damage, alteration, or disclosure, including:

Technical Measures:

  • Encryption:
    • Data in transit encrypted using TLS 1.3
    • Database encryption at rest
    • Secure password hashing with bcrypt and salt
  • Network Security:
    • Firewall protection
    • Intrusion detection systems
    • DDoS mitigation
    • Regular security updates and patches
  • Access Controls:
    • Role-based access control (RBAC)
    • Multi-factor authentication for administrative access
    • Principle of least privilege
    • Regular access reviews and deprovisioning
  • Data Isolation:
    • Customer data isolated in separate database schemas
    • Application-level data segregation
    • Secure API authentication tokens

Organizational Measures:

  • Personnel Security:
    • Background checks for employees with access to systems
    • Confidentiality agreements for all personnel
    • Security awareness training
    • Clear data handling procedures
  • Incident Response:
    • Security incident detection and monitoring
    • Documented incident response procedures
    • Breach notification protocols (see Section 5)
  • Secure Development:
    • Secure coding standards
    • Code review processes
    • Protection against OWASP Top 10 vulnerabilities
    • Regular security testing
  • Physical Security:
    • Servers hosted in ISO 27001 certified Hetzner data centers
    • Physical access controls
    • Environmental controls (fire suppression, cooling)
    • Video surveillance and security personnel
  • Business Continuity:
    • Regular automated backups
    • Disaster recovery procedures
    • Geographic redundancy where applicable
    • Tested recovery processes

3.2 Regular Security Reviews

AriseNote conducts regular security assessments, including:

  • Ongoing vulnerability scanning
  • Security audits and reviews
  • Penetration testing (at least annually)
  • Third-party security assessments

Customer may request (no more than once per year) reasonable information about AriseNote's security measures. Such requests should be made to help@arisenote.com.

3.3 Personnel Confidentiality

AriseNote ensures that all personnel who have access to Personal Data:

  • Are subject to appropriate confidentiality obligations
  • Are trained on data protection requirements
  • Process Personal Data only as instructed by Customer (through the Services) or as required by law
  • Understand their responsibilities under this DPA

3.4 Updates to Security Measures

AriseNote may update its security measures from time to time, provided that such updates do not result in a material degradation of the security of Personal Data. AriseNote will notify Customer of material changes to security measures.

4. Sub-processors

4.1 Authorized Sub-processors

Customer acknowledges and agrees that AriseNote may engage third-party Sub-processors to Process Personal Data. AriseNote's current Sub-processors are:

Sub-processorService ProvidedData ProcessedLocation
Hetzner Online GmbHServer hosting, database hostingAll Customer DataGermany (EU) for EU users; United States for US users
Amazon Web Services (AWS)File storage (S3) for profile avatarsProfile imagesUnited States
Stripe, Inc.Payment processingBilling information, email, last 4 digits of cardUnited States
Mailgun Technologies, Inc.Email deliveryEmail addresses, names, email contentUnited States
Notion Labs, Inc.API integrationAccess tokens, database IDsUnited States

A complete and up-to-date list of Sub-processors is available at: link to Subprocessors page

4.2 Sub-processor Obligations

When engaging Sub-processors, AriseNote:

  • Enters into a written agreement with the Sub-processor imposing data protection obligations substantially similar to those in this DPA
  • Ensures the Sub-processor provides appropriate security measures
  • Remains liable to Customer for the performance of the Sub-processor's obligations

4.3 Changes to Sub-processors

AriseNote will provide Customer with at least 30 days' advance notice of:

  • The addition of any new Sub-processor
  • The replacement of an existing Sub-processor
  • Material changes to a Sub-processor's role

Notice will be provided via:

  • Email to the address associated with Customer's account
  • Update to our Subprocessors page
  • Announcement on our Service status page

4.4 Objection to Sub-processors

If Customer has a legitimate reason to object to a new Sub-processor based on data protection concerns, Customer may:

  1. Notify AriseNote in writing within 15 days of receiving notice
  2. Provide specific reasons for the objection related to data protection
  3. Work with AriseNote to find a commercially reasonable resolution

If the parties cannot reach a resolution within 30 days, Customer may terminate the affected portion of the Services and receive a pro-rata refund for the unused subscription period.

5. Data Subject Rights

5.1 Assisting with Data Subject Requests

AriseNote will assist Customer in responding to requests from Data Subjects to exercise their rights under Data Protection Laws, including:

  • Right to access Personal Data
  • Right to rectify inaccurate Personal Data
  • Right to erase Personal Data ("right to be forgotten")
  • Right to restrict Processing
  • Right to data portability
  • Right to object to Processing
  • Rights related to automated decision-making and profiling

5.2 Customer Responsibility

Customer is responsible for responding to Data Subject requests. If AriseNote receives a Data Subject request directly, AriseNote will:

  • Notify Customer without undue delay (within 2 business days)
  • Not respond to the Data Subject directly without Customer's authorization (unless required by law)
  • Provide reasonable assistance to Customer in responding to the request

5.3 Data Export and Portability

Upon Customer's request, AriseNote will provide Customer's data in commonly used formats:

  • JSON format for structured data
  • CSV format for database exports
  • Original file formats for uploaded content

Data export requests can be made through:

5.4 Data Deletion

Customer may delete Personal Data by:

  • Disconnecting Notion databases from AriseNote
  • Deleting specific widgets
  • Deleting their entire AriseNote account

Upon account deletion:

  • Widget configurations deleted immediately
  • Account data retained for 30 days, then permanently deleted
  • Notion database contents not permanently stored (only cached temporarily for < 24 hours)

See our Privacy Policy Section 7.2 for complete data retention details.

6. Data Breach Notification

6.1 Breach Notification Obligations

In the event of a Personal Data breach affecting Customer Data, AriseNote will:

  1. Notify Customer without undue delay and in any event within 72 hours of becoming aware of the breach
  2. Provide the following information (to the extent available):
    • Description of the nature of the breach
    • Categories and approximate number of Data Subjects affected
    • Categories and approximate number of Personal Data records affected
    • Likely consequences of the breach
    • Measures taken or proposed to address the breach
    • Measures taken or proposed to mitigate potential adverse effects
    • Contact point for more information
  3. Provide reasonable cooperation to Customer in investigating and mitigating the breach

6.2 Notification Method

Breach notifications will be sent to Customer via:

6.3 Customer Responsibilities

Customer is responsible for:

  • Ensuring AriseNote has current contact information
  • Notifying affected Data Subjects if required by law
  • Notifying supervisory authorities if required by law
  • Meeting its own breach notification obligations under Data Protection Laws

6.4 Documentation

AriseNote will maintain records of Personal Data breaches, including:

  • Facts relating to the breach
  • Effects of the breach
  • Remedial action taken

These records will be made available to Customer and supervisory authorities upon request.

7. International Data Transfers

7.1 Data Storage Locations

AriseNote stores and processes Customer Data in the following locations:

  • Primary Storage:
    • EU Users: Hetzner data centers in Germany (EU)
    • US Users: Hetzner data centers in United States
  • Sub-processor Locations:
    • AWS S3: United States (profile avatars)
    • Stripe: United States (payment processing)
    • Mailgun: United States (email delivery)
    • Notion: United States (API integration)

7.2 Transfers Outside the EEA

For transfers of Personal Data from the European Economic Area (EEA) or United Kingdom to countries not recognized as providing adequate protection, AriseNote relies on the following mechanisms:

Standard Contractual Clauses (SCCs):

AriseNote has implemented Standard Contractual Clauses approved by the European Commission for transfers to Sub-processors in third countries. The SCCs are incorporated into our agreements with:

  • AWS (file storage)
  • Stripe (payment processing)
  • Mailgun (email delivery)
  • Notion (API integration)

Technical Safeguards:

In addition to SCCs, AriseNote implements technical safeguards for international transfers:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest
  • Strong access controls and authentication
  • Regular security audits
  • Monitoring and logging

UK International Data Transfer Agreement (IDTA):

For transfers from the UK, AriseNote uses the UK International Data Transfer Agreement or UK Addendum to the EU SCCs, as applicable.

7.3 Customer Consent

By using the Services and accepting this DPA, Customer:

  • Acknowledges that Personal Data may be transferred to and processed in the locations described above
  • Consents to such transfers when consent is the appropriate legal mechanism
  • Authorizes AriseNote to implement SCCs and other transfer mechanisms on Customer's behalf

7.4 Onward Transfers

If a Sub-processor further transfers Personal Data to another country (onward transfer), AriseNote ensures that appropriate safeguards are in place, including:

  • SCCs or equivalent mechanisms
  • Adequacy decisions by the European Commission (where applicable)
  • Technical and organizational security measures

7.5 Changes to Data Processing Locations

AriseNote will provide Customer with 30 days' advance notice of any material changes to data processing locations or transfer mechanisms. If Customer objects on reasonable data protection grounds, the provisions of Section 4.4 (Objection to Sub-processors) apply.

8. Audits and Compliance

8.1 Customer Audit Rights

Customer has the right to audit AriseNote's compliance with this DPA, subject to the following conditions:

Audit Frequency:

  • No more than once per calendar year
  • Or more frequently if required by a supervisory authority or in response to a suspected breach

Audit Scope:

  • AriseNote's Processing of Customer's Personal Data
  • Compliance with this DPA and Data Protection Laws
  • Security measures and controls

Audit Process:

  1. Customer must provide at least 30 days' written notice to help@arisenote.com
  2. Audits must be conducted during normal business hours (CET timezone)
  3. Audits must not unreasonably interfere with AriseNote's business operations
  4. Customer must use reasonable efforts to minimize disruption
  5. Audits may be conducted by Customer or an independent third-party auditor (subject to confidentiality obligations)

8.2 Information and Cooperation

In lieu of an on-site audit, Customer may request that AriseNote provide:

  • Written responses to information security questionnaires (maximum once per year)
  • Copies of relevant security certifications or audit reports (e.g., SOC 2, ISO 27001) when available
  • Documentation of security measures and controls
  • Evidence of compliance with this DPA

AriseNote will respond to such requests within 30 days.

8.3 Audit Costs

  • Customer bears all costs of conducting audits
  • If an audit reveals non-compliance by AriseNote, AriseNote will bear reasonable costs of the audit
  • AriseNote may charge reasonable fees for extensive information requests or repeated audits

8.4 Confidentiality

All information obtained during an audit is confidential and subject to:

  • Use only for the purpose of verifying compliance
  • No disclosure to third parties (except as required by law or to advisors under confidentiality obligations)
  • Return or destruction of confidential information after audit completion

8.5 Remediation

If an audit reveals non-compliance:

  1. AriseNote will provide a written remediation plan within 15 days
  2. AriseNote will implement the remediation plan within an agreed timeframe
  3. Customer may conduct a follow-up audit to verify remediation

9. Return and Deletion of Personal Data

9.1 Return of Personal Data

Upon termination or expiration of Customer's subscription, Customer may request return of Personal Data by:

  • Exporting data through account settings (available while account is active)
  • Contacting help@arisenote.com within 30 days of termination

AriseNote will provide Customer Data in:

  • JSON format for structured data
  • CSV format for database exports
  • Original file formats for uploaded content

9.2 Deletion of Personal Data

Following termination or expiration of the Services:

Immediate Deletion:

  • Active sessions and access tokens
  • Widget configurations and settings (unless Customer requests export)
  • Real-time connections to Notion databases

Deletion After 30 Days:

  • Account information and credentials
  • Profile avatars stored in AWS S3
  • Widget configuration backups
  • Support correspondence

Retention for Legal Compliance:

  • Transaction records: Retained for 10 years as required by tax regulations
  • De-identified analytics data: May be retained indefinitely (cannot identify Customer or Data Subjects)

9.3 Certification of Deletion

Upon request, AriseNote will provide written certification that Personal Data has been deleted in accordance with this DPA. Requests should be made to help@arisenote.com.

9.4 Backup Copies

Personal Data may remain in AriseNote's backup systems for up to 30 days following deletion from production systems. Backup copies are:

  • Securely encrypted
  • Not accessible for normal business operations
  • Subject to the same security measures as production data
  • Overwritten according to AriseNote's backup rotation schedule

9.5 Exceptions to Deletion

AriseNote may retain Personal Data to the extent required by:

  • Applicable laws and regulations (e.g., tax and accounting requirements)
  • Court orders or other legal obligations
  • Good faith belief that retention is necessary to defend legal claims

In such cases, AriseNote will:

  • Inform Customer of the legal basis for retention
  • Limit retention to the minimum necessary period
  • Continue to protect the data with appropriate security measures
  • Delete the data once the legal obligation ends

10. Limitation of Liability

10.1 Liability Cap

Each party's liability under this DPA shall be subject to the limitations of liability set forth in the Terms of Service.

10.2 Direct Damages

To the extent permitted by applicable law, AriseNote's total liability for direct damages arising out of or related to this DPA shall not exceed the total amount Customer paid to AriseNote for the Services during the 12 months preceding the event giving rise to liability.

10.3 Indirect Damages

To the maximum extent permitted by law, neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, revenue, data, or business opportunities.

10.4 Exceptions

Nothing in this DPA limits or excludes either party's liability for:

  • Death or personal injury caused by negligence
  • Fraud or fraudulent misrepresentation
  • Gross negligence or willful misconduct
  • Breach of confidentiality obligations
  • Indemnification obligations under Section 11
  • Violations of Data Protection Laws where liability cannot be limited by law
  • Any other liability that cannot be limited or excluded by applicable law

10.5 GDPR-Specific Liability

Under GDPR Article 82:

  • Each party is liable for damages caused by Processing that infringes GDPR requirements
  • AriseNote is exempt from liability if it proves it is not in any way responsible for the event giving rise to the damage
  • Where more than one party is involved in the same Processing, each party is jointly and severally liable for the entire damage

11. Indemnification

11.1 AriseNote's Indemnification

AriseNote will indemnify, defend, and hold harmless Customer from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from:

  • AriseNote's breach of this DPA
  • AriseNote's violation of Data Protection Laws in its role as Processor
  • AriseNote's failure to implement appropriate security measures as required by this DPA
  • Unauthorized Processing of Personal Data by AriseNote or its Sub-processors

Conditions:

  • Customer must promptly notify AriseNote of any claim
  • AriseNote has sole control over defense and settlement
  • Customer must reasonably cooperate in the defense
  • Customer does not admit liability or settle without AriseNote's consent

11.2 Customer's Indemnification

Customer will indemnify, defend, and hold harmless AriseNote from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from:

  • Customer's breach of this DPA
  • Customer's violation of Data Protection Laws in its role as Controller
  • Customer's failure to obtain necessary consents or provide required notices to Data Subjects
  • Customer's instructions to Process Personal Data in violation of Data Protection Laws
  • Claims that Customer does not have the right to share Personal Data with AriseNote

Conditions:

  • AriseNote must promptly notify Customer of any claim
  • Customer has sole control over defense and settlement
  • AriseNote must reasonably cooperate in the defense
  • AriseNote does not admit liability or settle without Customer's consent

11.3 Mutual Indemnification

Each party will indemnify the other for any fines, penalties, or sanctions imposed by a supervisory authority to the extent such fines result from the indemnifying party's breach of this DPA or Data Protection Laws.

12. Term and Termination

12.1 Term

This DPA takes effect on the date Customer accepts the Terms of Service and continues until:

  • Customer's subscription is terminated
  • Customer deletes their account
  • The Terms of Service are terminated

12.2 Termination for Breach

Either party may terminate this DPA if:

  • The other party materially breaches this DPA and fails to cure within 30 days of written notice
  • The other party's Processing violates Data Protection Laws and cannot be remedied

12.3 Effect of Termination

Upon termination of this DPA:

  • AriseNote will cease Processing Customer's Personal Data (except as required for legal compliance)
  • Provisions of Section 9 (Return and Deletion of Personal Data) apply
  • Confidentiality obligations survive termination
  • Indemnification obligations survive termination
  • Limitation of liability provisions survive termination

12.4 Termination by Supervisory Authority

If a supervisory authority orders the suspension or termination of data transfers or Processing:

  • Either party may terminate this DPA upon written notice
  • Customer receives a pro-rata refund for unused subscription fees
  • AriseNote will assist Customer in transitioning to an alternative solution

13. General Provisions

13.1 Entire Agreement

This DPA, together with the Terms of Service and Privacy Policy, constitutes the entire agreement between the parties regarding the Processing of Personal Data and supersedes all prior agreements and understandings.

13.2 Amendments

AriseNote may amend this DPA to:

  • Reflect changes in Data Protection Laws
  • Reflect changes to AriseNote's data Processing practices
  • Add or update Sub-processors (subject to Section 4.3)
  • Improve data protection for Customer

AriseNote will provide 30 days' advance notice of material amendments. Customer's continued use of the Services after the effective date constitutes acceptance of the amended DPA.

13.3 Severability

If any provision of this DPA is found invalid, illegal, or unenforceable:

  • The remaining provisions remain in full force and effect
  • The parties will negotiate in good faith to replace the invalid provision with a valid provision that achieves the same purpose

13.4 Waiver

No failure or delay by either party in exercising any right or remedy under this DPA constitutes a waiver. Any waiver must be in writing and signed by an authorized representative.

13.5 Assignment

Neither party may assign this DPA without the other party's prior written consent, except:

  • AriseNote may assign to a successor entity in connection with a merger, acquisition, or sale of assets (with 30 days' notice to Customer)
  • Customer may assign to a successor entity that assumes Customer's obligations

13.6 Governing Law

This DPA is governed by the laws specified in the Terms of Service (German law), except where Data Protection Laws require otherwise.

13.7 Dispute Resolution

GDPR Disputes:

For disputes related to GDPR compliance:

  1. Parties will attempt to resolve disputes informally
  2. Either party may refer the dispute to the relevant supervisory authority
  3. Data Subjects may lodge complaints with supervisory authorities
  4. Legal proceedings as specified in the Terms of Service

Other Disputes:

Disputes not related to GDPR compliance are resolved according to the dispute resolution provisions in the Terms of Service.

13.8 Language

This DPA is drafted in English. If translated into other languages, the English version prevails in case of inconsistency.

13.9 Survival

The following provisions survive termination of this DPA:

  • Confidentiality obligations
  • Indemnification obligations
  • Limitation of liability
  • Return and deletion of Personal Data
  • Audit rights (for a reasonable period)
  • Any other provisions that by their nature should survive

14. Contact Information

For questions or concerns regarding this DPA or data protection matters, please contact:

Email: help@arisenote.com

Data Protection Officer (if applicable): Not currently appointed (not required under current processing volumes)

Postal Address:
Maksim Gusev
Hildegard-Knef-Straße 3
85053 Ingolstadt, Bayern
Germany

EU Representative: As AriseNote is based in the EU (Germany), we serve as our own representative.

For GDPR matters in Germany:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de

Appendix A: Standard Contractual Clauses

This section would include the full text of the EU Standard Contractual Clauses for international data transfers. For brevity, this is represented as a placeholder.

The parties agree to be bound by the Standard Contractual Clauses approved by European Commission Decision 2021/914 for the transfer of personal data to third countries.

Module One: Controller to Controller (where applicable)
Module Two: Controller to Processor (primary use case)
Module Three: Processor to Processor (for Sub-processor transfers)

The SCCs are incorporated by reference and form part of this DPA.

Annexes to SCCs:

  • Annex I.A: List of parties (Customer as Controller, AriseNote as Processor)
  • Annex I.B: Description of transfer (as specified in Section 2.3 of this DPA)
  • Annex I.C: Competent supervisory authority (as specified in Section 14)
  • Annex II: Technical and organizational measures (as specified in Section 3)
  • Annex III: List of Sub-processors (as specified in Section 4 and Subprocessors page)

Appendix B: UK International Data Transfer Addendum

This section would include the UK IDTA or UK Addendum to EU SCCs for transfers from the UK.

For transfers of Personal Data from the United Kingdom, the parties agree to be bound by the UK International Data Transfer Addendum (UK Addendum) to the EU Standard Contractual Clauses, version B1.0, issued by the UK Information Commissioner's Office.

Key Details:

  • Exporter: Customer (UK Controller)
  • Importer: AriseNote and approved Sub-processors
  • Addendum EU SCCs: Module Two (Controller to Processor)
  • Applicable UK GDPR: UK GDPR and Data Protection Act 2018

By using the AriseNote Services, Customer agrees to the terms of this Data Processing Agreement.

Effective Date: The date Customer accepts the Terms of Service

AriseNote Signatory:
Maksim Gusev
Einzelunternehmer, AriseNote
Hildegard-Knef-Straße 3
85053 Ingolstadt, Bayern, Germany

Related Policies