Data Processing Agreement (DPA)
This agreement governs the processing of personal data carried out by PageOneBoost (processor) on behalf of its clients (controllers), pursuant to article 28 GDPR. A signable version is provided upon request at contact@pageoneboost.com.
Dernière mise à jour : 1er juillet 2026
1. Subject matter, duration, nature and purpose
Processing covers the data strictly necessary to deliver the subscribed services (SEO, website creation and hosting, reporting, client relationship). It lasts for the duration of the service contract; data categories: professional identity and contact details, billing data, content provided for the website, traffic statistics.
2. Processor obligations
PageOneBoost processes data only on the client's documented instructions; ensures confidentiality of authorised persons; implements the technical and organisational measures described in the trust center (encryption in transit and at rest, two-factor authentication, role-based access control, audit logging, tested 3-2-1 backups); assists the client with data-subject requests and impact assessments where applicable.
3. Subprocessing
The list of subprocessors is published in the trust center (/trust). Any change is announced with 30 days' notice, allowing the client to object on legitimate grounds. Each subprocessor is bound by obligations equivalent to this agreement.
4. Transfers outside the European Union
Where a subprocessor processes data outside the EU, the transfer is governed by the European Commission's Standard Contractual Clauses (decision 2021/914) and supplementary measures where appropriate.
5. Data breach
PageOneBoost notifies the client without undue delay after becoming aware of a personal data breach, with the information needed for the notification to the supervisory authority (art. 33 GDPR). A documented, rehearsed incident procedure is maintained.
6. Return and deletion
At the end of the services, PageOneBoost returns the data to the client in an open format and then deletes it from its systems (including backups at the end of their retention cycle), unless legally required to retain it (notably accounting: 10 years).
7. Audit
PageOneBoost makes available the documentation necessary to demonstrate compliance and allows reasonable audits (once a year, 30 days' notice, at the client's expense, without access to other clients' data).