Data Processing Agreement
This Data Processing Agreement (the “DPA”) governs how Pistio processes personal data on behalf of organisations using Moimio. It mirrors the processor clauses agreed at checkout as part of the Moimio Terms; the two are kept consistent. For most customers the version agreed at checkout is sufficient. A countersigned copy is available to organisations whose own compliance requires a separate signed agreement.
This DPA forms part of the agreement between:
(1) The Customer — the organisation that holds a Moimio account (“Controller”); and
(2) Pistio, a sole trader registered in the United Kingdom, of 66 Paul Street, London EC2A 4NA (“Processor”),
and governs the Processor’s processing of personal data on the Controller’s behalf in connection with the Moimio service.
1. Definitions
Terms such as “personal data”, “processing”, “controller”, “processor”, “data subject”, and “personal data breach” have the meanings given in the UK GDPR and EU GDPR as applicable. “Applicable Data Protection Law” means the UK GDPR, the EU GDPR, and any other data-protection laws applicable to the processing.
2. Subject matter, nature, and purpose
The Processor processes personal data on the Controller’s behalf solely to provide the Moimio service: the registration of event participants and their assignment to rooms, groups, and teams according to the Controller’s configuration. Processing continues for the duration of the Controller’s Moimio account.
3. Categories of data and data subjects
See Annex 1.
4. Controller instructions
4.1 The Processor processes the personal data only on the Controller’s documented instructions, including as set out in this DPA, the Moimio Terms, and the Controller’s configuration and use of the software.
4.2 The Processor informs the Controller if, in its opinion, an instruction infringes Applicable Data Protection Law.
4.3 The Processor does not use the personal data for its own purposes.
5. Processor obligations
The Processor shall:
- ensure that persons authorised to process the personal data are bound by an obligation of confidentiality;
- implement the technical and organisational security measures set out in Annex 2;
- respect the conditions in clause 6 for engaging subprocessors;
- taking into account the nature of the processing, assist the Controller by appropriate measures, so far as possible, in fulfilling the Controller’s obligation to respond to requests by data subjects exercising their rights;
- assist the Controller in ensuring compliance with its obligations relating to security, breach notification, data protection impact assessments, and prior consultation, taking into account the nature of processing and the information available to the Processor;
- at the Controller’s choice, delete or return the personal data at the end of the provision of services, and delete existing copies, as described in clause 8;
- make available to the Controller information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits as set out in clause 9.
6. Subprocessors
6.1 The Controller grants general authorisation to the Processor to engage the subprocessors listed in Annex 3.
6.2 The Processor imposes data-protection obligations on each subprocessor equivalent to those in this DPA, and remains fully liable to the Controller for the performance of each subprocessor.
6.3 The Processor informs the Controller of any intended addition or replacement of a subprocessor, giving the Controller a reasonable opportunity to object.
7. Personal data breach
The Processor notifies the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s personal data, and provides the Controller with the information reasonably necessary for the Controller to meet its own breach notification obligations.
8. Deletion and return
On closure of the Controller’s account, participant personal data is made available to the Controller for export for 30 days, then erased in line with the Moimio retention schedule. The workspace and its data, including routine backups, are permanently erased within 44 days of account closure, save that copies present in routine backups age out of the backup retention schedule within a maximum of six months for individually deleted events.
9. Audit
The Processor makes available to the Controller information necessary to demonstrate compliance with this DPA and contributes to reasonable audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, on reasonable notice and subject to confidentiality.
10. International transfers
Personal data is hosted and processed within the European Union (Germany). The Processor, Pistio, is established in the United Kingdom and accesses the personal data from there to operate and support the service. Personal data therefore moves between the United Kingdom and the European Economic Area; those flows are covered by the European Commission’s adequacy decision for the United Kingdom and by the United Kingdom’s recognition of the EEA, so no additional transfer safeguards are required. The Processor does not transfer the personal data to any country outside the United Kingdom or the EEA except under safeguards permitted by Applicable Data Protection Law.
11. EU and UK representatives
For any data-protection matter in connection with this agreement, including the role of an EU representative under Article 27 EU GDPR where one is required, contact contact@moimio.app.
12. Liability and governing law
12.1 Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Moimio Terms.
12.2 This DPA is governed by the laws of England and Wales.
Annex 1 — Categories of data and data subjects
Data subjects: participants in events organised by the Controller (for example, attendees of retreats, conferences, or camps).
Categories of personal data: names; contact details (such as email address); dietary, allergy, or accessibility requirements where entered by the Controller; group, room, and team assignments; and any other information the Controller chooses to enter about participants.
Dietary, allergy, or accessibility information may constitute special-category (health) data. The Controller is responsible for ensuring it has a lawful basis for entering such data.
Annex 2 — Security measures
- Hosting within the EU (Germany).
- Per-tenant isolation: each Controller’s workspace runs in its own isolated container with its own database.
- Access controls limiting access to authorised persons.
- Encryption of data in transit (HTTPS/TLS).
- Regular encrypted backups, with defined retention and erasure.
- Logical separation of each Controller’s data from every other Controller’s data.
Annex 3 — Subprocessors
| Subprocessor | Role | Location |
|---|---|---|
| Hetzner | Hosting and infrastructure | Germany (EU) |
| Paddle | Payment processing (Merchant of Record) | EU / global |
| Mailjet | Transactional email delivery | EU |
| Cloudflare | DNS, content delivery, website hosting | Global |
A countersigned PDF copy of this agreement is available to customers on request. Write to contact@moimio.app.