Laungrid Logo

Data Processing Policy

Last Updated: May 15, 2026

1. Scope and Applicability

This Data Processing Policy ("DPA") applies to the processing of personal data by Laungrid ("Data Processor") on behalf of our enterprise customers ("Data Controller"). It forms part of the master service agreement between the parties.

2. Processing of Personal Data

Laungrid shall only process personal data in accordance with the documented instructions of the Data Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by applicable law.

3. Confidentiality

We ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4. Security Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, Laungrid implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • The pseudonymisation and encryption of personal data;
  • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

5. Sub-processors

The Data Controller generally authorizes Laungrid to engage sub-processors. We will inform the Data Controller of any intended changes concerning the addition or replacement of other sub-processors, giving the Data Controller the opportunity to object to such changes.

6. Data Subject Rights

Laungrid shall, to the extent legally permitted, promptly notify the Data Controller if we receive a request from a Data Subject to exercise their rights. We will assist the Data Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Controller's obligation to respond to such requests.

7. Deletion or Return of Data

At the choice of the Data Controller, Laungrid will delete or return all the personal data to the Data Controller after the end of the provision of services relating to processing, and delete existing copies unless applicable law requires storage of the personal data.