Last Updated: June 29, 2026
This is a template for business customers for whom YSH acts as a processor. For a signed copy, contact info@yoursocialhub.online.
This Data Processing Agreement ("DPA") applies where YSocialH OÜ ("YSH", "Processor") processes personal data on behalf of a customer ("Customer", "Controller") in providing the Your Social Hub service. The Customer is the controller and YSH is the processor of Customer Personal Data. This DPA forms part of the agreement between the parties for the use of the service.
Subject matter: provision of the content-approval and publishing platform. Duration: for the term of the service agreement. Nature and purpose: hosting, storage, processing and transmission of content and related data to operate the service. Types of data: account and profile data, content (images, videos, captions), comments and feedback, connected social-account identifiers. Data subjects: the Customer’s personnel, collaborators and reviewers.
YSH processes Customer Personal Data only on documented instructions from the Customer (including via use of the service), unless required by EU or member-state law. YSH ensures persons authorised to process the data are bound by confidentiality.
YSH implements appropriate technical and organisational measures, including encryption in transit and at rest, access controls and authentication, audit logging, and regular review of measures, taking into account the state of the art and the risks of processing.
The Customer provides general authorisation for YSH to engage sub-processors listed on our sub-processors page. YSH imposes data-protection obligations on each sub-processor equivalent to those in this DPA and remains liable for their performance. YSH gives notice of intended changes and the Customer may object on reasonable data-protection grounds.
Taking into account the nature of the processing, YSH assists the Customer by appropriate technical and organisational measures, insofar as possible, to respond to data-subject requests to exercise their rights under the GDPR. The service also provides self-service access, export and deletion tooling.
YSH notifies the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and provides information reasonably required for the Customer to meet its own notification obligations.
YSH makes available information necessary to demonstrate compliance with Art. 28 and allows for and contributes to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, subject to reasonable confidentiality and security conditions.
Where processing involves a transfer of Customer Personal Data outside the EEA, such transfer is governed by the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism, together with supplementary measures where required.
On termination of the service, YSH deletes or returns Customer Personal Data at the Customer’s choice, and deletes existing copies unless EU or member-state law requires storage. Certain records (e.g. accounting data held by our payment processor) may be retained where legally required.
© 2026 YSocialH OÜ. All rights reserved.