Pursuant to Art. 28 GDPR
Last updated: April 2025
Data Processor: iDeployed UG (haftungsbeschränkt) i.G., Torgauer Straße 231-233, 04347 Leipzig — Controller: the respective business customer (client).
iDeployed processes personal data on behalf of the customer for the purpose of hosting a JTL-Shop instance. Processing occurs solely in accordance with the customer's documented instructions. The duration of processing corresponds to the term of the contract.
Hosting, storage, and technical operation of the customer's JTL-Shop instance. iDeployed processes data solely within the scope of the contractually agreed services and not for its own purposes.
Categories of data processed:
Data subjects:
iDeployed undertakes to:
The customer is the controller within the meaning of the GDPR. The customer issues instructions to iDeployed and ensures that the processing of personal data has a lawful basis.
Pre-approved sub-processors:
Google Cloud Platform (GCP)
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Purpose: Infrastructure hosting — Region: europe-north2 (Stockholm, Sweden)
iDeployed will inform the customer of the addition or replacement of sub-processors. The customer has the right to object.
iDeployed implements the following measures:
iDeployed deletes or returns data upon the customer's instruction. After the end of the contract, all customer data will be irreversibly deleted within 30 days unless a statutory retention obligation exists.
iDeployed shall make available to the customer all information necessary to demonstrate compliance with the obligations under Art. 28 GDPR and shall allow for and contribute to audits, including inspections, conducted by the customer or a mandated auditor.
Upon termination of the contract, all customer data will be irreversibly deleted or returned upon the customer's request. Proof of deletion will be provided upon request.
For questions about the DPA or data processing, please contact: