Data Processing Agreement
Summary for customers and partners: how we address GDPR requirements when we process personal data on your instructions.
Important: This page is a high-level summary to support procurement and security reviews. The legally binding text for your organisation is the executed Data Processing Agreement and related order or master service agreement, which we provide for qualified enterprise and B2B contracts. If anything here conflicts with a signed document, the signed document prevails.
Controller & processor
Last updated: April 27, 2026
Cintel Solutions AB (org. no. 559532-7023, Sweden) operates the IntelFetch platform. Where you act as a data controller and instruct us to process personal data on your behalf in connection with an enterprise or other written agreement, we act as a data processor for that processing, in line with the EU General Data Protection Regulation (GDPR), including Article 28, and, where applicable, Swedish data protection law.
For processing we carry out for our own purposes (for example, account and billing data for users of the service), we typically act as a controller or joint controller as described in our Privacy Policy.
What our standard DPA covers
Our Data Processing Agreement for B2B customers is designed to include the points required by GDPR Article 28(3), including in substance:
- Processing only on documented instructions from you, including regarding transfers, unless Union or Member State law requires otherwise.
- Confidentiality obligations for persons authorised to process the data.
- Appropriate technical and organisational measures to protect the data (see also our Security information).
- Subprocessors: we may use carefully selected sub-processors; we maintain agreements with them that meet GDPR requirements. We publish key categories of sub-processors in our Cookie Policy and Privacy Policy (e.g. payment, support, and error monitoring) and can provide a formal sub-processor list with an enterprise agreement.
- Assistance with data subject rights, breach notification where applicable, deletion or return of data at the end of the service, and information needed to demonstrate compliance.
International transfers
Where personal data is transferred outside the EEA, we use appropriate safeguards such as the EU Commission standard contractual clauses and supplementary measures as required by current guidance, as specified in the executed DPA and/or order form.
Request an executed DPA
To obtain our standard Data Processing Agreement for signature, or to discuss enterprise terms, contact: [email protected]. For general privacy and data protection inquiries: [email protected].
Please include your company name, country, and a short description of the services you are procuring so we can route your request.