Data Processing Agreement (DPA)

Annex No. 2 to the Planislav Terms of Service | Version: 1.0 | Effective date: 12.06.2026

The Polish version of this document is the binding version.

This Data Processing Agreement (the DPA) is entered into between the User (the Controller) and IPT Supply Chain Innovations Sp. z o.o., with its registered office in Warsaw, ul. Hoża 86/410, 00-682 Warsaw, Poland, KRS 0001242724, NIP (Tax ID) 7011315076, REGON 544821431 (the Processor or the Service Provider).

The DPA forms an integral part of the Agreement for the provision of the Planislav Service concluded on the basis of the Planislav Terms of Service (the Terms). The DPA is concluded in electronic form upon conclusion of the Agreement (acceptance of the Terms), in accordance with Article 28(9) GDPR. Capitalised terms not defined in the DPA have the meaning given to them in the Terms.

DATA PROCESSING AGREEMENT (DPA)

§ 1. Definitions

§ 2. Subject matter, nature and purpose of processing

§ 3. Duration of processing

§ 4. Types of personal data and categories of data subjects

The entrustment covers the following types of data and categories of data subjects:

§ 5. Obligations of the Processor

The Processor undertakes that it shall:

§ 6. Obligations and representations of the Controller

§ 7. Sub-processors

§ 8. Deletion and return of data after termination of the Agreement

§ 9. Audits

§ 10. Transfers outside the European Economic Area

§ 11. Liability

§ 12. Final provisions

Schedule A — Sub-processors of Entrusted Data

Note: Clerk Inc. (authentication) and Stripe Payments Europe, Limited (payments) process Users' data for which the Service Provider acts as controller (Account and payment data) and do not process Entrusted Data — the full list of entities processing data in connection with the Service is set out in Annex No. 1 to the Terms of Service and in the Privacy Policy.