← Back to Home

Data Processing Agreement (DPA)

Last updated: 2026-01-04

1. Definitions

For the purposes of this Data Processing Agreement:

  • "Controller" means the entity that determines the purposes and means of processing personal data
  • "Processor" means the entity that processes personal data on behalf of the Controller
  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on personal data, including collection, storage, and deletion
  • "GDPR" means the General Data Protection Regulation (EU) 2016/679

2. Scope and Purpose

This Data Processing Agreement ("DPA") governs the processing of personal data by PortfolioHub as a data processor on behalf of users (data controllers) in connection with the PortfolioHub Service. This DPA is incorporated into and forms part of our Terms of Service and Privacy Policy.

3. Roles and Responsibilities

3.1 PortfolioHub as Processor

PortfolioHub acts as a data processor when processing personal data on behalf of users. As a processor, we:

  • Process personal data only in accordance with your instructions and this DPA
  • Implement appropriate technical and organizational measures to protect personal data
  • Assist you in responding to data subject requests
  • Notify you of any data breaches without undue delay

3.2 User as Controller

As a user of PortfolioHub, you act as a data controller for the personal data you upload and manage through the Service. You are responsible for:

  • Ensuring you have a lawful basis for processing personal data
  • Obtaining necessary consents from data subjects
  • Complying with applicable data protection laws
  • Providing accurate instructions to PortfolioHub regarding data processing

4. Processing Details

4.1 Subject Matter

The subject matter of processing includes personal data uploaded, stored, and managed by users through the PortfolioHub Service, including but not limited to professional information, contact details, and portfolio content.

4.2 Duration

Processing will continue for the duration of your use of the Service, unless terminated earlier in accordance with this DPA or our Terms of Service.

4.3 Nature and Purpose

The nature and purpose of processing includes:

  • Storage and hosting of personal data
  • Provision of portfolio management and presentation services
  • User authentication and account management
  • Service improvement and analytics (with consent)

4.4 Types of Personal Data

Types of personal data processed may include:

  • Identity information (name, email address)
  • Professional information (work experience, education, skills)
  • Contact information
  • Account credentials and authentication data

4.5 Categories of Data Subjects

Categories of data subjects include users of the Service and individuals whose information is included in portfolios managed through the Service.

5. Security Measures

PortfolioHub implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Backup and disaster recovery procedures
  • Employee training on data protection

6. Sub-Processors

PortfolioHub may engage sub-processors to assist in providing the Service. We ensure that all sub-processors:

  • Are bound by data processing agreements that comply with GDPR
  • Implement appropriate security measures
  • Process personal data only as instructed

Current sub-processors include cloud hosting providers and analytics services. We will notify you of any material changes to our sub-processors.

7. Data Subject Rights

PortfolioHub will assist you in responding to requests from data subjects to exercise their rights under GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

8. Data Breach Notification

In the event of a personal data breach, PortfolioHub will notify you without undue delay after becoming aware of the breach. We will provide you with all information reasonably necessary to enable you to meet your obligations under GDPR to report the breach to supervisory authorities and notify affected data subjects.

9. International Transfers

If personal data is transferred outside the European Economic Area (EEA), PortfolioHub will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of data protection.

10. Data Retention and Deletion

Upon termination of your account or upon your request, PortfolioHub will delete or return all personal data in accordance with your instructions, unless we are required to retain certain data by law. Deletion will occur within 30 days of the termination or request, unless a longer retention period is required by applicable law.

11. Audit Rights

PortfolioHub will make available to you all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by you or your authorized representative, subject to reasonable notice and confidentiality obligations.

12. Governing Law

This DPA is governed by the laws of Portugal and the European Union. Any disputes arising from this DPA will be subject to the exclusive jurisdiction of the courts of Portugal.

13. Contact Information

For any questions regarding this DPA or data processing activities, please contact us through our support channels.