Egedalsvej 9
3670 Veksø
Denmark
CVR: 39072858
(”Data Controller 1”)
and
The company that creates a campaign/training account on uQualio’s platform and invites users who create and manage their own accounts
(”Data Controller 2”)
Date: September 2025
1.1 This agreement concerns joint data controllership (the “Agreement”) under GDPR Article 26. It defines the allocation of responsibilities between Data Controller 1 (uQualio) and Data Controller 2 when they jointly process personal data through the uQualio platform.
1.2 The joint controllership arises because Data Controller 2 creates and manages training campaigns on the platform, invites end-users, and processes their personal data, while uQualio provides and secures the platform and, for technical and operational reasons, has access to the same data.
1.3 Both parties determine certain purposes and means of processing, which creates joint controllership under GDPR.
2.1 The Agreement ensures compliance with applicable data protection and privacy legislation, including Regulation (EU) 2016/679 (the “GDPR”) and the Danish Data Protection Act.
3.1 The joint controllership covers processing of the following categories of personal data:
Account data: name, email address, profile picture, phone number.
Usage data: course enrolments, training progress, quiz and test results, certificates.
Communication preferences: consents to marketing, notifications, and inquiries.
3.2 Sensitive personal data under GDPR Article 9 is not processed within this Agreement.
3.3 The purposes of the processing are:
To enable Data Controller 2 to deliver courses and training via the uQualio platform.
To allow uQualio to provide, maintain, and secure the platform.
4.1 Data Controller 1 is uQualio ApS, which operates the platform and related systems.
4.2 Data Controller 2 is the company that creates a uQualio campaign/training account and invites end-users to courses.
4.3 Each Data Controller is responsible for compliance with GDPR in their area, except where this Agreement assigns responsibility otherwise.
5.1 uQualio is responsible for:
Making the platform available and ensuring system security, availability, and integrity.
Implementing appropriate technical and organisational measures in line with GDPR Articles 24–25 and 32.
Handling data subject rights requests related to access, rectification, erasure, restriction, portability, and objection.
Keeping records of platform-level processing activities.
5.2 Data Controller 2 is responsible for:
Ensuring a valid legal basis for processing learner data.
Providing transparency and notices to end-users in accordance with GDPR Articles 13 and 14.
Creating and managing training content, campaigns, and learners.
Managing communication with learners, including consents and withdrawals.
Keeping records of its own processing activities.
5.3 Both parties share responsibility for enabling data subjects to exercise their rights transparently.
6.1 Personal data is exchanged between the parties to the extent necessary for the delivery of services.
6.2 Each Data Controller may use the personal data for their own purposes within the framework of this Agreement and in compliance with GDPR.
7.1 Data subjects may exercise their rights under GDPR Chapter III against either Data Controller.
7.2 uQualio is responsible for handling requests relating to access, rectification, deletion, restriction, portability, and objection.
7.3 Data Controller 2 is responsible for fulfilling the information obligations under Articles 13 and 14.
7.4 Requests received by one party that fall under the other party’s responsibility must be forwarded immediately.
7.5 The essence of this Agreement will be made available to data subjects via our Privacy & Cookie Policy
8.1 Both Data Controllers are responsible for documenting compliance with GDPR within their area of responsibility.
8.2 Each party must maintain internal policies, records of processing activities (Article 30), and demonstrate compliance on request.
9.1 uQualio implements technical and organisational security measures to ensure platform-level protection.
9.2 Data Controller 2 must comply with uQualio’s security measures and ensure that administrators and users act in accordance with security requirements.
10.1 Both Data Controllers may use data processors.
10.2 uQualio may use sub-processors for hosting, analytics, or functionality, subject to GDPR Article 28 requirements.
10.3 Data Controller 2 may use processors for its activities, provided GDPR requirements are met.
10.4 On request, each party shall provide the other with information about relevant processors used for joint processing.
11.1 If a breach occurs, the responsible party must notify the other without undue delay.
11.2 uQualio assesses and documents incidents, and where required, notifies the Danish Data Protection Agency and affected data subjects.
11.3 Data Controller 2 remains responsible for breaches resulting from its misuse of the platform or mishandling of learner data.
12.1 Each Data Controller must carry out DPIAs when required under Article 35.
12.2 Each Data Controller is responsible for consulting supervisory authorities under Article 36 where necessary.
13.1 uQualio may transfer personal data outside the EU/EEA in compliance with Chapter V of GDPR and with appropriate safeguards.
13.2 Data Controller 2 may not transfer personal data outside the EU/EEA without uQualio’s prior written approval.
14.1 Complaints from data subjects shall be handled by the Data Controller responsible for the processing in question.
14.2 Complaints received by the wrong party must be forwarded promptly.
14.3 Data subjects must be informed of the essence of this Agreement where relevant.
15.1 Both parties must inform each other of circumstances that may affect compliance with this Agreement.
16.1 This Agreement remains in force as long as both parties are joint data controllers.
16.2 The Agreement terminates if joint controllership ceases or if replaced by a new arrangement.
17.1 If circumstances change such that the parties can no longer be considered joint controllers, this Agreement terminates automatically.
18.1 This Agreement is considered accepted and binding at the time Data Controller 2 purchases a subscription to the uQualio platform, including when payment is made by credit card or other accepted payment method.
18.2 By completing the subscription process, Data Controller 2 confirms that the person completing the purchase has the necessary authority to legally bind Data Controller 2 to this Agreement.
For more details, see also:
https://app.complycloud.com/externaldocument?id=878448d7acc4cee74de79147c317df5883f66381067624855721159425
