DPA

Based on the EU Standard Contractual Clauses (Decision 2021/915)

Last Updated: April 15, 2026

SECTION I: THE PARTIES

The Data Controller: The Customer using the Service under the Akkamind Terms of Service.

The Data Processor: Akkamind d.o.o.

Address: Vrhniška cesta 6, 1354 Horjul, Slovenia

Contact Email: privacy@akkamind.com

SECTION II: STANDARD CLAUSES

Clause 1: Purpose and scope

These Clauses ensure compliance with Article 28(3) and (4) of Regulation (EU) 2016/679 (GDPR). They apply to the processing of personal data as described in Annex II.

Clause 2: Invariability of the Clauses

The Parties undertake not to modify these Clauses. This does not prevent the Parties from adding additional safeguards, provided they do not contradict these Clauses.

Clause 3: Interpretation & Hierarchy

These Clauses shall be read in light of the GDPR. In the event of a contradiction between these Clauses and any other agreement between the Parties (like the Terms of Service), these Clauses shall prevail.

Clause 4: Docking Clause

Any entity that is not a Party to these Clauses may, with the agreement of all the Parties, accede to these Clauses at any time as a controller or a processor.

Clause 5: Description of processing

The details of the processing operations are specified in Annex II.

Clause 6: Obligations of the Processor

  1. Instructions: The processor shall process personal data only on documented instructions from the controller.
  2. Purpose limitation: The processor shall process the personal data only for the specific purpose(s) of the service as set out in Annex II, unless it receives further instructions from the controller.
  3. Confidentiality: The processor shall ensure that persons authorised to process the personal data have committed themselves to confidentiality.
  4. Security: The processor shall implement the technical and organisational measures specified in Annex III.
  5. Sub-processors: The processor has the controller’s general authorisation for the engagement of sub-processors. The list is in Annex IV. The processor shall inform the controller of any intended changes at least 14 days in advance.
  6. Data Subject Rights: The processor shall assist the controller in responding to requests from data subjects.
  7. Breach Notification: The processor shall notify the controller within 72 hours of becoming aware of a personal data breach.

Clause 7: International Transfers

  1. Any transfer of data to a country outside of the EEA shall take place only on documented instructions from the controller and in compliance with Chapter V of Regulation (EU) 2016/679.
  2. The controller agrees that where Akkamind engages a sub-processor (e.g., OpenAI) involving a transfer of personal data, Akkamind and the sub-processor will ensure compliance by using the EU Standard Contractual Clauses (2021/914) or the EU-U.S. Data Privacy Framework.

Clause 8: Termination and Deletion

Upon termination of the service, the processor shall delete all personal data within 10 business days, unless law requires storage.

SECTION III: FINAL PROVISIONS

1. Audits

Akkamind shall provide reasonable information to demonstrate GDPR compliance and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

2. Liability

Liability under this DPA is governed by the Akkamind Terms of Service.

3. Governing Law

This Agreement is governed by the laws of Slovenia. Any disputes shall be submitted to the exclusive jurisdiction of the courts of Slovenia.

4. Anonymization and Service Improvement

The Processor may create de-identified, anonymized, or aggregated data (“Anonymized Data”) from Personal Data processed under this DPA. Anonymized Data that no longer relates to an identified or identifiable natural person is not Personal Data and is not subject to this DPA. The Processor may use such Anonymized Data to provide, maintain, and improve the Services.

SECTION IV: ANNEXES

ANNEX I: List of Parties

  • Controller: The Customer using the Service under the Akkamind Terms of Service.
  • Processor: Akkamind d.o.o.

ANNEX II: Description of the Processing

  • Subject Matter: AI-driven energy analytics and chatbot support.
  • Nature of Processing: Collection, storage, and automated analysis via Large Language Models and classical AI technology.
  • Categories of Data: Name, email address, job title, organization, account credentials, energy usage data, energy billing data and chat interactions.
  • Data Subjects:
    • Employees, contractors, and agents of the Customer;
    • Authorized Users of the Services (including, without limitation, facility managers and energy managers).

ANNEX III: Technical and Organisational Measures (TOMs)

The Processor implements:

  • Encryption: Data is encrypted at rest and in transit.
  • Hosting: Infrastructure hosted on Google Cloud Platform (GCP) in EU regions.
  • Access Control: Multi-factor authentication (MFA) for all administrative access.
  • Training Safeguard: Sub-processor LLM APIs are configured to ensure data is not used for training global models (see Annex IV for list of sub-processors).

ANNEX IV: List of Authorized Sub-processors

The Controller authorizes the following entities to process data:

| Sub-processor Name | Registered Address | Description of Processing | Location of Processing |
|---|---|---|---|
| OpenAI, Ltd. | OpenAI OpCo, LLC, 1455 3rd Street, San Francisco, CA 94158. EU representative: OpenAI Ireland Ltd., 1st Floor, the Liffey Trust Centre 117-126 Sheriff Street Upper, Dublin 1 DUBLIN, D01 YC43 Ireland | Large Language Model (LLM) inference. Processing of text prompts to generate AI insights and chatbot responses. | United States |
| Google Cloud Platform (GCP) | Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay Dublin 2 DUBLIN, D02 R296 Ireland | Cloud infrastructure, hosting, encrypted database storage, and backend logging. | EU (Primary: Frankfurt, Germany) |

SECTION V: ACCEPTANCE

This DPA is accepted electronically together with the Akkamind Terms of Service.