Data Processing Agreement

For customers who, as data controller, have personal data processed via Musicdott (every school), we sign a Data Processing Agreement (DPA) under Article 28 GDPR. The DPA sets out what Musicdott may do with the data, what security we apply, and how we handle sub-processors, breaches, and data-subject rights.

How to get a DPA

Email mail@musicdott.app with your school name and Chamber-of-Commerce number. Within one business day you receive our standard DPA (Dutch or English, single PDF), pre-signed by Bèta Development VOF. Counter-sign and return — done. Requests to amend the standard text take longer; we are happy to discuss.

What our standard DPA covers (summary)

• Scope of processing, duration and purposes (bound to the school’s instructions).
• Categories of personal data and data subjects (see our register of processing).
• Technical and organisational security (Art. 32) — encryption at rest + in transit, MFA, audit logs.
• Sub-processors: see list, 30-day prior notice on change. → /en/sub-processors
• Breach procedure: notification to school within 48 hours of becoming aware.
• Support for data-subject rights (Art. 15–22).
• Return or destruction of data at end of agreement.