RecensioAI – review management software
    Log inStart free
    More 5-star reviews€129 onboarding included14 days free, no strings attached

    Data Processing Agreement RecensioAI

    Last updated: February 22, 2026

    This Data Processing Agreement ("Agreement") forms an integral part of the Terms and Conditions of RecensioAI and is entered into between:

    The Client (data controller)
    and
    RecensioAI (data processor)

    This Agreement governs the processing of personal data by RecensioAI on behalf of the Client, in accordance with the General Data Protection Regulation (GDPR).

    1. Definitions

    • Data Controller: the party that determines the purpose and means of processing
    • Data Processor: the party that processes personal data on behalf of the data controller
    • Data Subject: the identified or identifiable natural person
    • Personal Data: all information about an identified or identifiable natural person
    • Processing: any operation relating to personal data

    2. Roles of the parties

    2.1 The Client

    The Client acts as the data controller for all personal data processed via RecensioAI.

    The Client determines:

    • The purpose of the processing
    • The categories of data subjects
    • The legal basis for processing

    2.2 RecensioAI

    RecensioAI acts exclusively as a data processor and processes personal data only:

    • Based on written instructions from the Client
    • For the execution of the services

    3. Categories of personal data

    RecensioAI may process the following data on behalf of the Client:

    3.1 Data of Client's end customers

    • Name
    • Email address
    • Phone number
    • Review content
    • Private feedback
    • Video testimonials
    • Completed form data

    3.2 Client data

    • Name
    • Contact details
    • Login information
    • IP address
    • Platform usage

    The exact data processing depends on the chosen functionalities.

    4. Purposes of processing

    RecensioAI processes personal data exclusively for:

    • Sending review requests
    • Collecting and centralizing reviews
    • Generating AI responses
    • Displaying reviews via widgets
    • Sharing reviews on social media
    • Providing statistics and reports
    • Automating workflows

    RecensioAI does not process personal data for its own commercial purposes.

    5. Duration of processing

    Processing takes place for as long as the agreement between the parties is in effect.

    After termination, RecensioAI will, at the Client's request:

    • Return the personal data, or
    • Delete the personal data

    Unless legal retention obligations require otherwise.

    6. Obligations of RecensioAI

    RecensioAI commits to:

    6.1 Processing according to instructions

    Processing personal data only based on documented instructions from the Client.

    6.2 Confidentiality

    Ensuring that all employees and involved third parties observe confidentiality.

    6.3 Security measures

    Taking appropriate technical and organizational measures, including:

    • Encryption during data transfer
    • Access restrictions
    • Logical access control
    • Periodic security audits
    • Incident response procedures

    6.4 Data breaches

    Informing the Client without undue delay in the event of a personal data breach, including relevant information about:

    • The nature of the incident
    • The potential consequences
    • The measures taken

    6.5 Assistance

    Supporting the Client with:

    • Requests from data subjects
    • DPIAs if necessary
    • Consultations with supervisory authorities

    7. Obligations of the Client

    The Client guarantees that:

    • The processing is lawful
    • A valid legal basis exists
    • Data subjects have been properly informed
    • Consent has been obtained where required
    • Instructions to RecensioAI are lawful

    The Client remains responsible for compliance with the GDPR.

    8. Sub-processors

    RecensioAI may engage sub-processors for:

    • Hosting
    • Email delivery
    • SMS services
    • Cloud infrastructure
    • Analytics

    RecensioAI:

    • Enters into appropriate agreements with sub-processors
    • Ensures an equal level of protection
    • Remains fully responsible for their actions

    A current list of sub-processors is available upon request.

    9. Transfers outside the EU

    If personal data is transferred outside the European Economic Area, RecensioAI ensures appropriate safeguards, such as:

    • EU Standard Contractual Clauses
    • Adequacy decisions

    10. Rights of data subjects

    RecensioAI will promptly forward requests from data subjects to the Client.

    RecensioAI provides reasonable support for:

    • Access
    • Rectification
    • Erasure
    • Restriction
    • Portability
    • Objection

    11. Audit

    The Client has the right to verify compliance with this Agreement.

    Audits:

    • Must be requested in writing
    • Take place with reasonable prior notice
    • Are carried out at the Client's expense
    • May not constitute a disproportionate burden

    12. Liability

    The liability of the parties under this Agreement is subject to the limitations set out in the Terms and Conditions, unless mandatory law provides otherwise.

    13. Applicable law

    This Data Processing Agreement is governed by Dutch law.

    Disputes will be submitted to the competent court in the Netherlands.

    14. Contact

    For questions about this Data Processing Agreement:
    📧 support@recensioai.com

    We use cookies to improve your experience. Read our cookie policy for more information.