Data Processing Agreement

1. Parties and roles

This Data Processing Agreement ("DPA") is entered into between:

  • The Controller: [Customer legal name, org. no.] ("Customer"), the data controller (personuppgiftsansvarig); and
  • The Processor: ABN Platform AB, [org. no.] ("ABN"), the data processor (personuppgiftsbiträde).

The DPA governs ABN's processing of personal data on the Customer's behalf under Article 28 GDPR and supplements the main service agreement.

2. Subject matter, nature and purpose

ABN provides the Autonomous Backoffice Network — software installed as a local Node in the Customer's own environment. The Node discovers business processes, runs autonomous agents and produces reports. The purpose of processing is limited to delivering that service to the Customer.

Architectural fact (Art. 25 — data protection by design): customer data is processed only inside the Customer-controlled Node. ABN as a vendor receives no copy of the Customer's personal data. The LLM never receives raw values — only abstract event-type names, counts and statistics (the "No-Data Guarantee").

3. Duration

Processing lasts for the term of the main service agreement and ceases on its termination (see §10).

4. Categories of personal data and data subjects

Processed inside the Node, depending on the connectors the Customer enables:

Category                     | Examples                         | Data subjects
Invoice / financial metadata | invoice numbers, amounts, dates  | customers, suppliers
Scheduling data              | shift ids, times, positions      | employees
Logistics data               | trip ids, routes, distances      | drivers

Identifying fields are pseudonymised via SHA-256 by the PII Guardian before storage; direct identifiers (names, addresses, e-mail, personal-identity numbers, bank details) are removed by the Data Minimizer and never persisted.

5. Documented instructions

ABN processes personal data only on the Customer's documented instructions, as set out in this DPA and the service agreement. ABN informs the Customer if an instruction infringes the GDPR or other applicable data-protection law.

6. Confidentiality

ABN ensures that every person authorised to process personal data is bound by an appropriate duty of confidentiality.

7. Security measures (Art. 32)

ABN implements security by architecture:

  • Local execution — data never leaves the Customer Node.
  • Data minimisation — per-(connector, resource) field allowlists.
  • Pseudonymisation — SHA-256 PII tokenisation before storage.
  • No-Data LLM Gateway — only tokenised/abstracted data reaches any external model.
  • Sandbox isolation — agents run in Firecracker microVMs; a Go write-guard validates every write.
  • mTLS between Node services, certificates rotated every 24 h.
  • Encryption — TLS in transit, encryption at rest on the Node DB.
  • Auditability — every action is recorded in Customer-owned transparency tables and HMAC-signed cycle attestations.

8. Sub-processors

ABN uses the sub-processors listed in Annex A. ABN imposes the same data-protection obligations on each sub-processor by contract (Art. 28(4)). ABN informs the Customer of any intended change and the Customer may object within 30 days.

9. Assistance to the Controller

ABN assists the Customer, taking into account the nature of processing:

  • with responding to data-subject requests (Art. 12–23) — in practice trivial, as the Customer holds the data and ABN holds no copy;
  • with security, breach notification, DPIA and prior consultation (Art. 32–36).

10. Return and erasure

On termination, at the Customer's choice, ABN deletes or returns all personal data and deletes existing copies, unless storage is required by Union or Member-State law. Because ABN holds no copy of Customer data, this obligation is met by the Customer decommissioning the Node.

11. Audit

ABN makes available all information necessary to demonstrate compliance with Art. 28 and allows for and contributes to audits, including inspections, by the Customer or an auditor it mandates. The Customer-owned audit log can be queried directly by the Customer at any time.

12. International transfers

ABN does not transfer Customer personal data outside the Customer environment, and therefore not outside the EU/EEA. Any future transfer requires a valid Chapter V GDPR transfer mechanism and the Customer's prior written instruction.

Annex A — Sub-processors

Sub-processor              | Service                | Location | Personal data
Nango                      | Connector OAuth2 proxy | EU/EEA   | OAuth tokens only — no payload data
[LLM provider, if enabled] | Abstract reasoning     | [region] | Tokenised/abstract data only — no raw values