Data Processing Agreement

Effective Date: May 29, 2026.

This Data Processing Agreement (the "DPA") forms part of and supplements the Skillsail Terms and Conditions. If Skillsail processes Customer Personal Data on behalf of your organization, your acceptance of the Terms also constitutes acceptance of this DPA on behalf of that organization.

This DPA has 2 parts: (1) the Key Terms on this Cover Page and (2) the Common Paper DPA Standard Terms Version 1.1 posted at commonpaper.com/standards/data-processing-agreement/1.1 ("DPA Standard Terms"), which is incorporated by reference. If there is any inconsistency between the parts of the DPA, the Cover Page will control over the DPA Standard Terms. Capitalized and highlighted words have the meanings given on the Cover Page. However, if the Cover Page omits or does not define a highlighted word, the default meaning will be "none" or "not applicable" and the correlating clause, sentence, or section does not apply to this DPA. All other capitalized words have the meanings given in the DPA Standard Terms or the Agreement.

Key Terms

The key legal terms of the DPA are as follows:

AgreementThis DPA supplements the following agreement:
https://skillsail.com/legal/terms
Approved Subprocessorshttps://skillsail.com/legal/subprocessors
Provider Security Contactnico@skillsail.com
Elektrastraße 11
München, Germany 81925
Germany
Security PolicyAs defined in the Agreement.
Changes to the Agreement
Governing Law and Chosen CourtsNotwithstanding the governing law or similar clauses of the Agreement, all interpretations and disputes about this DPA will be governed by the laws of the Governing State without regard to its conflict of laws provisions. In addition, and notwithstanding the forum selection, jurisdiction, or similar clauses of the Agreement, the parties agree to bring any legal suit, action, or proceeding about this DPA in, and each party irrevocably submits to the exclusive jurisdiction of, the courts of the Governing State.
Governing State means: Germany
Service Provider RelationshipTo the extent California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq ("CCPA") applies, the parties acknowledge and agree that Provider is a service provider and is receiving Personal Data from Customer to provide the Service as agreed in the Agreement and detailed below (see Nature and Purpose of Processing), which constitutes a limited and specified business purpose. Provider will not sell or share any Personal Data provided by Customer under the Agreement. In addition, Provider will not retain, use, or disclose any Personal Data provided by Customer under the Agreement except as necessary for providing the Service for Customer, as stated in the Agreement, or as permitted by Applicable Data Protection Laws. Provider certifies that it understands the restrictions of this paragraph and will comply with all Applicable Data Protection Laws. Provider will notify Customer if it can no longer meet its obligations under the CCPA.
Restricted Transfers
Governing Member StateEEA Transfers: Germany
UK Transfers: England

Annex I(A) List of Parties

Data ExporterName: the Customer signing this DPA
Activities relevant to transfer: See Annex 1(B)
Role: Controller
Data ImporterName: the Provider signing this DPA
Contact person: Nico Schriever, CEO
Address: Elektrastraße 11, München, Germany 81925, Germany
Activities relevant to transfer: See Annex 1(B)
Role: Processor

Annex I(B) Description of Transfer and Processing Activities

ServiceThe Service is:
Skillsail Platform, an AI-powered eLearning content creation, hosting, sharing, and export service, including related support services.
Categories of Data SubjectsCustomer's end users or customers
Customer's employees
Categories of Personal DataName
Contact information such as email, phone number, or address
User activity and analysis such as device information or IP address
Location information
Special Category DataIs special category data (as defined in Article 9 of the GDPR) Processed?
No
Frequency of TransferContinuous
Nature and Purpose of ProcessingReceiving data, including collection, accessing, retrieval, recording, and data entry
Holding data, including storage, organization, and structuring
Using data, including analysis, consultation, testing, automated decision making, and profiling
Protecting data, including restricting, encrypting, and security testing
Sharing data, including disclosure, dissemination, allowing access, or otherwise making available
Returning data to the data exporter or data subject
Duration of ProcessingProvider will process Customer Personal Data as long as required (i) to conduct the Processing activities instructed in Section 2.2(a)-(d) of the Standard Terms; or (ii) by Applicable Laws.

Annex I(C)

Competent Supervisory AuthorityThe supervisory authority will be the supervisory authority of the data exporter, as determined in accordance with Clause 13 of the EEA SCCs or the relevant provision of the UK Addendum.

Annex II

Technical and Organizational Security MeasuresSee Security Policy
User identification and authorization process and protection:
Use of passwordless login processes and single sign on where possible.
Protecting Customer Personal Data during transmission (in transit):
All customer-facing websites are only available via https.
Events logging:
Error and issue logging to ensure problems can be detected and remediated in a timely manner.
Ensuring data minimization:
Unused user accounts are removed after certain time periods.
Ensuring data quality:
We correct inaccurate information in our systems as soon as we are made aware of data discrepancies. In most cases, customers can adjust and update their user data in their own customer portal.
Allowing data portability and erasure:
Customers can request account deletion via a button in their account or request it by contacting support. A data extract can be requested from customer support as well.
Other Changes to the DPA Standard Terms
Additional modifications or customizations

Acceptance and Provider Details

Provider and Customer have not changed the DPA Standard Terms except for the details on the Cover Page above. For online self-service customers, Customer agrees to enter into this DPA by accepting the Agreement; no separate signature is required for this online DPA. If Provider and Customer execute a separately signed data processing agreement, that separately signed agreement controls for the Customer that signed it.

ProviderSkillsail GmbH
Print NameNico Schriever
TitleCEO
Legal Notice AddressElektrastraße 11
München, Germany 81925
Germany

Subprocessors

The current list of Approved Subprocessors is maintained on our Subprocessors page.

Source and License

This DPA is based on the Common Paper Data Processing Agreement, including the Common Paper DPA Standard Terms Version 1.1, and is used and modified under the Creative Commons Attribution 4.0 International License. It has been customized for Skillsail GmbH. Common Paper is not a party to this DPA.

SkillsailSkillsail
  • Enterprise
  • Precios
ConectarseEmpezar gratis

Creador de cursos con IA

¿Listo para crear?

Pida a Skillsail que cree un

Plataforma

  • Funciones
  • Plantillas
  • Precios
  • Enterprise

Casos de uso

  • Capacitación de Incorporación de Empleados
  • Ver todas las soluciones
  • Automotriz
  • Salud
  • Retail
  • Ver todas las industrias

Recursos

  • Documentacion
  • FAQ
  • Validador SCORM
  • Reproductor SCORM
  • Registro de cambios
  • Blog

Empresa

  • Nosotros
  • Concierte una reunión
  • Contacto
  • Compromiso climático

Legal

  • Política de privacidad
  • Subencargados
  • Acuerdo de tratamiento de datos
  • Condiciones generales
  • Créditos y uso
  • Pie de imprenta

© 2026 Skillsail GmbH, Todos los derechos reservados

  • LinkedIn
  • X
  • YouTube