Get data in real time Get 20% off your first year of TelemetryDeck with code YOPK  

Data Processing Agreement

Supplemental Agreement on Data Protection

Validity

The English Version of this Data Processing Agreement shall be a convenience translation only. The binding language of this Data Processing Agreement shall be German. The German version of this Data Processing Agreement shall prevail.

Preliminary Remarks

In connection with the use of the software solution provided by TelemetryDeck for analyzing app usage (hereinafter “Service”), the Client integrates a Software Development Kit (SDK) provided by TelemetryDeck into its app. The Service is intended for the statistical analysis of app usage and the optimization of apps.

This agreement is an integral part of the “Terms of Service” of March 6, 2026 (hereinafter “Terms of Service”) and additionally governs the data protection-related framework conditions of the Service, in particular the technical design as well as the accompanying security, transparency, and verification obligations regarding contractual documentation and the protection of the Client’s legitimate compliance interests.

1. Subject Matter, Term, and Scope of the Agreement

(1) The subject matter of this Agreement is the data protection-related security and processing aspects of the services provided by TelemetryDeck to the Client in connection with the analysis of app usage via the SDK provided by TelemetryDeck.

(2) The nature and scope of the services, as well as their duration, are set forth in the applicable Terms of Use. This Agreement shall remain in effect for the duration of the Client’s use of the service.

2. Understanding of Roles and Distinction from Data Processing

(1) The parties agree that TelemetryDeck does not process any personal data within the meaning of Art. 4(1) GDPR in the context of the service. In this regard, the perspective of TelemetryDeck as the service provider is decisive. From TelemetryDeck’s perspective, the data processed by TelemetryDeck does not permit the identification of a natural person.

(2) TelemetryDeck processes the data neither on behalf of nor at the instruction of the Client. The Client has no influence over the purposes and means of the processing of the anonymized data carried out by TelemetryDeck.

(3) The parties clarify that TelemetryDeck acts neither as a processor within the meaning of Article 4(8) of the GDPR nor as a joint controller within the meaning of Article 26 of the GDPR. The provisions of Articles 26 and 28 of the GDPR do not apply to the services provided by TelemetryDeck.

(4) This agreement does not establish a division of roles under data protection law within the meaning of the GDPR, but serves exclusively to document the technical and organizational framework of the service and to ensure transparency toward the Client.

(5) If the factual or legal framework conditions of the service change in such a way that the data processed by TelemetryDeck can no longer be regarded as anonymous within the meaning of Recital 26 of the GDPR from TelemetryDeck’s perspective, the parties shall immediately enter into negotiations regarding an amendment to this agreement. Such a change does not automatically give rise to a data processing relationship.

3. Anonymization, System Security, and Technical Safeguards

(1) TelemetryDeck warrants that the technical design of the service is such that, from TelemetryDeck’s perspective, the data processed by TelemetryDeck does not relate to any identified or identifiable natural person. Re-identification of individual natural persons is practically impossible given the current state of technology and taking into account all reasonably available means.

(2) TelemetryDeck possesses neither additional information nor technical means that would enable it to establish or re-establish a personal connection.

(3) TelemetryDeck shall take appropriate technical and organizational measures to ensure the integrity, availability, and security of the systems used for the service. The measures in place at the time of conclusion of the contract are described in the document “Technical and Organizational Measures (TOMs),” which will be provided upon request.

(4) The technical design of the service, including anonymization procedures and technical and organizational measures, is subject to technical development. TelemetryDeck is entitled to make adjustments provided that the level of security and anonymization guaranteed by this agreement is not compromised.

4. Obligations of the Client

(1) The Client is responsible for the lawfulness of the collection and any pre-processing of data within its app. This includes, in particular, compliance with data protection-related information obligations toward app users, as well as the legal permissibility of integrating the SDK.

(2) The Client is solely responsible for defining which occurrences, states, or other information within the app are recorded as events. The Client shall ensure that the event definitions do not transmit any content that, in TelemetryDeck’s view, could establish or re-establish a link to an individual.

(3) The Client shall integrate and configure the SDK in accordance with the technical specifications provided by TelemetryDeck. Any deviations from these specifications or customizations that could, in TelemetryDeck’s view, establish or re-establish a personal reference are the responsibility of the Client.

(4) If the Client recognizes that, due to the configuration of the SDK, the definition of events, or other circumstances, data could be processed or transmitted that, in TelemetryDeck’s view, can no longer be considered anonymous within the meaning of this Agreement, the Client must inform TelemetryDeck of this immediately.

(5) The Client shall indemnify TelemetryDeck against such third-party claims to the extent that they are based on a culpable breach by the Client of the obligations incumbent upon it under this Agreement.

5. Obligations of TelemetryDeck, Transparency, and Evidence

(1) TelemetryDeck shall provide the Client, in an appropriate manner, with information that enables the Client to verify compliance with the anonymization and security standards guaranteed in Section 3. This includes, in particular, general descriptions of the technical operating procedures and the security concepts employed.

(2) The Client is entitled to request proof from TelemetryDeck that the technical guarantees assured in Section 3, paragraphs 1 through 3, are being met. Such proof shall be provided, at TelemetryDeck’s discretion, through appropriate documentation, technical descriptions, reports from independent third parties, or comparable suitable means of verification.

(3) TelemetryDeck is not obligated to conduct further inspections, in particular on-site inspections or audits. The Client’s statutory rights to inspect or audit remain unaffected to the extent that they exist independently of this Agreement.

(4) TelemetryDeck shall inform the Client in an appropriate manner of any material changes to the technical design of the Service, to the extent that such changes are likely to affect the characteristics of the Service warranted in Section 3.

(5) TelemetryDeck is not obligated to disclose information whose disclosure would compromise trade or business secrets of TelemetryDeck or third parties or that would allow inferences to be drawn regarding the systems, processes, or data of other customers.

6. Use of Third Parties / Infrastructure Services

(1) TelemetryDeck is entitled to engage third parties to provide the service, to the extent that this is necessary for the operation, maintenance, security, or further development of the systems used. This includes, in particular, infrastructure, hosting, maintenance, support, and security services.

(2) The use of such third parties does not constitute a data processing relationship within the meaning of Article 28 of the GDPR. In particular, the third parties engaged by TelemetryDeck are not further data processors of the client.

(3) TelemetryDeck ensures that the third parties engaged do not receive access to data beyond what is technically necessary for the provision of the respective service, and that appropriate contractual provisions are in place to ensure the protection of the systems as well as compliance with the level of security and anonymization guaranteed in this agreement.

(4) TelemetryDeck does not disclose the Client’s personal data to third parties. Third parties are involved exclusively in the context of processing anonymized data or purely system-related information.

(5) The Client has no right to consent, prior notification, or objection regarding the engagement of individual third parties, provided that the level of security and anonymization guaranteed by this Agreement is maintained.

7. Handling of Requests from Data Subjects

(1) The parties agree that, within the scope of the service, TelemetryDeck is not the addressee of data subject rights within the meaning of Art. 12 et seq. of the GDPR.

(2) To the extent that requests from data subjects in connection with the Client’s app are directed to TelemetryDeck, TelemetryDeck will forward these requests to the Client without reviewing their content, provided a connection to the Client is apparent.

(3) TelemetryDeck has no further obligations to assist in the fulfillment of data subjects’ rights.

8. Liability

The liability of the parties in connection with this agreement is governed by the liability provisions of the Terms of Use.

9. Final Provisions

(1) This Agreement supplements the Terms of Use. In the event of any conflicts, the provisions of this Agreement shall prevail to the extent that they contain more specific data protection-related provisions; in all other respects, the Terms of Use shall apply.

(2) The law agreed upon in the Terms of Use applies. The place of jurisdiction is the place of jurisdiction agreed upon in the Terms of Use.