DATA PROCESSING ADDENDUM (DPA)
BrickSpace / InSpace Software
Copyright (c) 2019-2026 InSpace Software. All rights reserved.
This Data Processing Addendum ("DPA") forms part of the agreement between
InSpace Software ("Processor") and the customer ("Controller") governing
the processing of personal data in connection with the BrickSpace services
("Service").
Last updated: December 27, 2025
------------------------------------------------------------
1. PARTIES
------------------------------------------------------------
Data Controller:
The customer using the Service for business purposes.
Data Processor:
InSpace Software
De Vechtborg 47
7772 WK Hardenberg
The Netherlands
------------------------------------------------------------
2. SUBJECT MATTER AND DURATION
------------------------------------------------------------
This DPA applies to the processing of personal data by the Processor on
behalf of the Controller in connection with the provision of the Service.
The processing shall continue for the duration of the applicable service
agreement unless otherwise agreed in writing.
------------------------------------------------------------
3. NATURE AND PURPOSE OF PROCESSING
------------------------------------------------------------
The Processor processes personal data solely for the purpose of providing,
operating, maintaining, and supporting the Service, including:
- User authentication and account management
- Data storage and synchronization
- Diagnostics, logging, and error reporting
- Billing, invoicing, and license validation
- Customer support
------------------------------------------------------------
4. TYPES OF PERSONAL DATA
------------------------------------------------------------
Depending on use of the Service, personal data may include:
- Names and email addresses
- User identifiers and account metadata
- IP addresses and device information
- Usage logs and diagnostic data
- Marketplace-related identifiers where applicable
The Processor does not intentionally process special categories of
personal data as defined under GDPR Article 9.
------------------------------------------------------------
5. CATEGORIES OF DATA SUBJECTS
------------------------------------------------------------
Data subjects may include:
- Employees and contractors of the Controller
- End users authorized by the Controller to use the Service
- Customer contacts and administrators
------------------------------------------------------------
6. OBLIGATIONS OF THE PROCESSOR
------------------------------------------------------------
The Processor shall:
- Process personal data only on documented instructions from the
  Controller
- Ensure persons authorized to process personal data are bound by
  confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist the Controller in fulfilling data subject rights requests
- Assist the Controller with GDPR compliance obligations where applicable
- Notify the Controller without undue delay after becoming aware of a
  personal data breach
------------------------------------------------------------
7. SECURITY MEASURES
------------------------------------------------------------
The Processor implements appropriate technical and organizational measures
to protect personal data, including but not limited to:
- Access controls and authentication mechanisms
- Encryption of data in transit where applicable
- Secure hosting environments
- Regular updates and maintenance
Specific security measures may evolve over time to reflect industry best
practices.
------------------------------------------------------------
8. SUBPROCESSORS
------------------------------------------------------------
The Controller authorizes the Processor to engage subprocessors for the
provision of the Service, including hosting, infrastructure, analytics,
and communication providers.
The Processor shall ensure that subprocessors are bound by data protection
obligations equivalent to those set out in this DPA.
A current list of subprocessors may be made available upon request.
------------------------------------------------------------
9. DATA LOCATION AND TRANSFERS
------------------------------------------------------------
Personal data is currently processed within the European Union, primarily
in Germany.
If personal data is transferred outside the European Union in the future,
the Processor shall ensure appropriate safeguards are in place in
accordance with applicable data protection laws.
------------------------------------------------------------
10. ASSISTANCE WITH DATA SUBJECT RIGHTS
------------------------------------------------------------
The Processor shall, taking into account the nature of the processing,
assist the Controller by appropriate technical and organizational measures
to fulfill obligations related to data subject rights under GDPR.
------------------------------------------------------------
11. DELETION OR RETURN OF DATA
------------------------------------------------------------
Upon termination of the Service, the Processor shall delete or anonymize
personal data within a reasonable period, unless retention is required by
applicable law.
------------------------------------------------------------
12. AUDIT AND COMPLIANCE
------------------------------------------------------------
The Controller may request reasonable information to verify the
Processor's compliance with this DPA.
Audits, if required, shall be subject to reasonable notice and shall not
unreasonably interfere with the Processor's operations.
------------------------------------------------------------
13. LIABILITY
------------------------------------------------------------
Liability under this DPA shall be subject to the limitations of liability
set forth in the applicable service agreement, Terms of Service, or End
User License Agreement.
------------------------------------------------------------
14. GOVERNING LAW
------------------------------------------------------------
This DPA shall be governed by and construed in accordance with the laws of
the Netherlands.
------------------------------------------------------------
15. ENTIRE AGREEMENT
------------------------------------------------------------
This DPA forms part of the legal framework governing the Service, together
with the Terms of Service, Privacy Policy, Cookie Policy, and End User
License Agreement.
If any provision of this DPA is held to be invalid or unenforceable, the
remaining provisions shall remain in full force and effect.
------------------------------------------------------------
END OF DATA PROCESSING ADDENDUM
------------------------------------------------------------