Data Processing Agreement (DPA)
The Art. 28 DSGVO / GDPR Data Processing Agreement that governs the Customer Portal (portal.orbitalreg.com) is no longer published on the public docs site. The current working draft lives behind the portal sign-in so the wording stays inside the signed-NDA perimeter until counsel review is complete.
How to read it
- Customers with portal access: sign in at portal.orbitalreg.com/dpa.
- Prospects evaluating OrbitalReg: request the draft under NDA at legal@orbitalreg.com. We typically reply within one business day.
What's in it
The DPA covers the Customer Portal only — the self-hosted Software you run inside your own infrastructure does not require a DPA because OrbitalReg never receives your data in that mode.
Coverage includes:
- EU-only sub-processors (IONOS SE, Frankfurt)
- 72-hour personal-data-breach notification window
- Full Technical and Organisational Measures (TOMs) disclosure
- 30-day Karenz-period data return / deletion guarantee
- Audit rights aligned with DSGVO Art. 28 (3) (h)