Your Social Hub logo

YOUR SOCIAL HUB

Data Processing Agreement

Last Updated: June 29, 2026

This is a template for business customers for whom YSH acts as a processor. For a signed copy, contact info@yoursocialhub.online.

1. Subject matter and roles

This Data Processing Agreement ("DPA") applies where YSocialH OÜ ("YSH", "Processor") processes personal data on behalf of a customer ("Customer", "Controller") in providing the Your Social Hub service. The Customer is the controller and YSH is the processor of Customer Personal Data. This DPA forms part of the agreement between the parties for the use of the service.

2. Processing details

Subject matter: provision of the content-approval and publishing platform. Duration: for the term of the service agreement. Nature and purpose: hosting, storage, processing and transmission of content and related data to operate the service. Types of data: account and profile data, content (images, videos, captions), comments and feedback, connected social-account identifiers. Data subjects: the Customer’s personnel, collaborators and reviewers.

3. Processor obligations

YSH processes Customer Personal Data only on documented instructions from the Customer (including via use of the service), unless required by EU or member-state law. YSH ensures persons authorised to process the data are bound by confidentiality.

4. Security (Art. 32)

YSH implements appropriate technical and organisational measures, including encryption in transit and at rest, access controls and authentication, audit logging, and regular review of measures, taking into account the state of the art and the risks of processing.

5. Sub-processors

The Customer provides general authorisation for YSH to engage sub-processors listed on our sub-processors page. YSH imposes data-protection obligations on each sub-processor equivalent to those in this DPA and remains liable for their performance. YSH gives notice of intended changes and the Customer may object on reasonable data-protection grounds.

6. Data subject requests

Taking into account the nature of the processing, YSH assists the Customer by appropriate technical and organisational measures, insofar as possible, to respond to data-subject requests to exercise their rights under the GDPR. The service also provides self-service access, export and deletion tooling.

7. Personal data breach

YSH notifies the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and provides information reasonably required for the Customer to meet its own notification obligations.

8. Audits

YSH makes available information necessary to demonstrate compliance with Art. 28 and allows for and contributes to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, subject to reasonable confidentiality and security conditions.

9. International transfers

Where processing involves a transfer of Customer Personal Data outside the EEA, such transfer is governed by the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism, together with supplementary measures where required.

10. Deletion and return

On termination of the service, YSH deletes or returns Customer Personal Data at the Customer’s choice, and deletes existing copies unless EU or member-state law requires storage. Certain records (e.g. accounting data held by our payment processor) may be retained where legally required.

© 2026 YSocialH OÜ. All rights reserved.