What is a DPA?

A Data Processing Agreement (DPA) is a legal contract that regulates the relationship between a Data Controller and a Data Processor, as established in Regulation (EU) 2016/679 of April 27, 2016, General Data Protection Regulation (GDPR), specifically in Article 28. This agreement is mandatory when the Data Controller delegates the processing of personal data to a third party, for example, for providing a service.

In this context, if you use Metricool’s services, we act as the Data Processor for your social media contacts' personal data and any third-party data you provide access to within your Metricool account.

Main Purpose of the DPA

The purpose of the DPA is to ensure that the Data Processor (Metricool in this case):

Processes the personal data you manage as the Data Controller only under your instructions and exclusively for the contracted services.

Complies with the security measures and requirements set out by the GDPR.

Minimum Required Content

According to GDPR (Article 28), a Data Processing Agreement (DPA) must include at least:

Purpose, duration, nature, and objectives of the processing.
Types of personal data and categories of data subjects.
Obligations and rights of the Data Controller.
The Data Processor’s commitments to:

Process data only under documented instructions from the Controller.
Implement appropriate technical and organizational security measures.
Ensure confidentiality of personnel with access to the data.
Assist the Controller in meeting GDPR obligations (e.g., handling data subject rights or conducting impact assessments).
Delete or return data once the contract ends.
Allow audits and provide compliance evidence.

What it's for

GDPR Compliance: It is a legal requirement that ensures the legitimacy of outsourced data processing.
Protects individuals’ rights: Prevents unauthorized or improper use of personal data.
Defines responsibilities: Clearly establishes each party’s obligations to prevent misunderstandings or non-compliance.
Reduces legal risks: Provides a contractual framework that protects the Controller if the Processor fails to comply.

How to get a copy of Metricool’s Data Processing Agreement (DPA)?

You can download a PDF copy of Metricool’s Data Processing Agreement (DPA) here.

If you need a signed copy of the DPA, please contact legal@metricool.com with the following details:

Name/Legal Entity of the Metricool account holder
Registered business address
Tax Identification Number (TIN)
Name of the legal representative signing the DPA
Email address where the signed DPA should be sent

Updated on: 24/03/2025