CodeMatic logoCodeMatic

Data Processing Agreement — CodeMatic (Laap Group BV)

GDPR Data Processing Agreement (DPA)

Last updated: 21 November 2025

This Data Processing Agreement (“DPA”) supplements all CodeMatic services where we process personal data on behalf of our clients in accordance with GDPR Article 28.

1. Roles

  • The Client acts as the Data Controller.
  • CodeMatic (Laap Group BV) acts as the Data Processor for processing performed on behalf of the Client.

2. Subject Matter & Purpose

CodeMatic processes personal data solely to deliver software development, hosting, integrations, support, maintenance, automation, API, and cloud services as defined in the governing service agreement.

3. Data Categories

Depending on the project, processing may include:

  • Identification data (names, job titles, email addresses, phone numbers).
  • Technical data (log files, IP addresses, device information).
  • Customer or user records provided by the Client.
  • Business information related to the Client’s operations.
  • Usage data generated by delivered systems.

CodeMatic does not intentionally process special categories of personal data unless explicitly agreed in writing.

4. Obligations of CodeMatic

  • Process personal data only on documented instructions from the Client.
  • Ensure that persons authorized to process personal data are bound by confidentiality.
  • Implement appropriate technical and organizational security measures.
  • Assist the Client with fulfilling data subject rights where applicable.
  • Notify the Client without undue delay after becoming aware of a personal data breach.
  • Engage only GDPR-compliant sub-processors bound by written agreements.
  • Delete or return personal data after contract termination unless law requires retention.

5. Sub-Processors

We may use subcontractors for hosting, email delivery, cloud infrastructure, backup, analytics, and similar services. All sub-processors must:

  • Meet GDPR requirements and maintain appropriate safeguards.
  • Process data only under CodeMatic’s instructions.
  • Sign confidentiality and data-processing terms equivalent to this DPA.

A current list of sub-processors is available upon request.

6. International Transfers

Any transfer of personal data outside the European Economic Area will rely on EU Standard Contractual Clauses, adequacy decisions, or equivalent safeguards to ensure lawful protection.

7. Security Measures

CodeMatic applies encryption, strict access controls, secure hosting, regular audits, backups, and monitoring for anomalies or abuse. Detailed security measures can be shared under NDA upon request.

8. Data Breach Notification

In the event of a confirmed personal data breach affecting Client data, CodeMatic will notify the Client without undue delay and provide information required for legal compliance and mitigation.

9. Duration

This DPA remains in force for the duration of the underlying service agreement and continues as necessary to allow CodeMatic to meet any legal retention obligations.

10. Governing Law

This DPA is governed by Belgian law, and disputes fall under the jurisdiction of the courts of Antwerp, Belgium.

11. Contact

For privacy or data-processing inquiries, contact hello@codematic.be.