Legal
Data Processing Agreement
Last updated: July 2026
This Data Processing Agreement ("DPA") forms part of the agreement between RHM Digital B.V. ("Processor", "we") and the business customer using our platform ("Controller", "you") whenever RHM Digital processes personal data on your behalf, as described in Article 28 of the GDPR.
1. Subject matter and duration
RHM Digital processes personal data on your behalf for the duration of your subscription, for the purpose of providing the AI visibility platform described in our Terms of Service.
2. Nature and purpose of processing
We process account data, workspace configuration, and usage data as described in our Privacy Policy, solely to operate the service, generate AI visibility measurements, and provide support.
3. Categories of data subjects
- Your employees and authorized users who hold an RHM Digital account
- Where relevant, individuals named in content you submit for AI visibility measurement
4. Subprocessors
You provide general authorization for RHM Digital to engage the subprocessors listed on our Subprocessors page. We will impose data protection obligations on subprocessors that are materially equivalent to those in this DPA, and remain liable for their performance.
5. Processor obligations
- Process personal data only on your documented instructions, unless required to do otherwise by law
- Ensure persons authorized to process personal data are bound by confidentiality
- Implement appropriate technical and organizational security measures, as described in our Security Overview
- Assist you in responding to data subject requests, to the extent reasonably possible
- Notify you without undue delay after becoming aware of a personal data breach
- Delete or return personal data at the end of the service, subject to legal retention obligations
- Make available information necessary to demonstrate compliance with this DPA
6. International transfers
Some subprocessors, including AI model providers, are located outside the European Economic Area. Where this is the case, transfers are made subject to the European Commission's Standard Contractual Clauses or another valid transfer mechanism recognized under the GDPR.
7. Audits
On reasonable written request, and no more than once per year, we will provide information reasonably necessary to demonstrate compliance with this DPA. On-site audits may be arranged by mutual agreement and at your cost.
8. Precedence
In the event of a conflict between this DPA and our Terms of Service, this DPA prevails with respect to the processing of personal data.
9. Contact
For a signed copy of this DPA, contact info@rhmdigital.com.
