Data Processing Agreement (DPA)

Valid in the EU and Finland

This Data Processing Agreement (“DPA”) forms part of the Service Agreement between the Organizer (“Controller”) and Owners Club Events (“Processor”). This DPA ensures compliance with the EU General Data Protection Regulation (“GDPR”) and the Finnish Data Protection Act.

1. Purpose

Owners Club Events processes personal data solely for the purpose of enabling the Controller to manage memberships, events, payments and participant information.

2. Roles

The Controller determines the purposes and means of processing personal data. The Processor processes data strictly as instructed and only to provide the Service.

3. Types of Data

• Identification data: name, email
• Profile/club data: vehicle/garage, visibility, membership details
• Event data: registrations, attendance, additional preferences
• Payment metadata via Stripe (no card data stored)

4. Security

We apply state-of-the-art security controls including encryption, role-based access controls, row-level security, logging, monitoring, and secure EU-hosted infrastructure.

5. Subprocessors

• Supabase (EU region where possible)
• Vercel (EU delivery where applicable)
• Stripe (payment processing, independent controller for card data)

All subprocessors are bound by GDPR-compliant contractual safeguards.

6. Data Breaches

The Processor will notify the Controller without undue delay of any data breach that affects personal data processed on behalf of the Controller, enabling the Controller to meet its notification duties.

7. International Transfers

If personal data is processed outside the EU/EEA, we implement approved GDPR safeguards such as Standard Contractual Clauses (SCCs).

8. Termination

Upon termination, personal data is deleted or returned to the Controller unless retention is required under Finnish bookkeeping or legal retention laws.

9. Contact

Email: support@ownersclubevents.com