Order processing contract (AVV) in accordance with Art. 28 GDPR

for using TextRocket.ai.

This order processing contract (“AVV”) regulates the processing of personal data by the contractor on behalf of the client in accordance with Art. 28 GDPR.

It supplements the terms of use concluded between the parties and the main contract for the use of the TextRocket.ai software.

The contract applies to all activities in which employees of the contractor or persons commissioned by the contractor process the client's personal data.

The definitions of the GDPR apply.

1. Subject matter of the contract and the client's right to issue instructions

The subject of this contract is the processing of personal data as part of the use of TextRocket.ai platform, software for creating, analyzing, and managing content.

In particular, TextRocket.ai enables:

  • Preparation of SEO and marketing texts
  • Analyzing keywords and search intent
  • Content generation and management
  • Organizing content workflows
  • Save and edit text content within a project

The client is responsible within the meaning of the GDPR and is solely responsible for the lawfulness of data processing.

The contractor processes personal data exclusively:

  • on behalf of the client
  • in accordance with documented instructions from the client
  • as part of the agreed service

If the contractor is required by law to carry out further processing, he shall inform the client of this prior to processing.

Instructions from the client may be given in writing or in documented electronic form.

If the contractor is of the opinion that an instruction violates data protection regulations, he shall immediately inform the client.

The term of this contract corresponds to the term of the main contract for the use of TextRocket.ai.

2. Technical and Organizational Measures (TOMs)

The contractor undertakes to implement appropriate technical and organizational measures in accordance with Article 32 GDPR to protect personal data.

These measures take into account:

  • State of the art
  • Method of processing
  • Scope of data processing
  • Likelihood of occurrence and severity of potential risks

The measures include in particular:

Access control

  • Access to systems only via personalized user accounts
  • secure password policies
  • optional multi-factor authentication
  • role-based access rights

Access control

  • Access to data exclusively on a need-to-know basis
  • Logging administrative accesses
  • limited administrator rights

Transfer control

  • Encrypted data transfer (TLS/HTTPS)

Integrity

  • Logging changes to data
  • Content version histories

Availability

  • Operation on highly available cloud infrastructure
  • regular data backups
  • Disaster and recovery plans

Separation of data

  • logical client separation between customer projects
  • separate development, test and production systems

The client is entitled to review these measures.

3. Confidentiality

The contractor obliges all persons who have access to personal data to maintain confidentiality.

This obligation continues even after termination of the contractual relationship.

4. Information obligations of the contractor

The contractor shall immediately inform the client of:

  • data breaches
  • security incidents
  • Violations of this contract
  • government inquiries or investigations related to data processing

As far as possible, the report includes:

  • Type of data breach
  • affected data categories
  • Number of people affected
  • possible consequences
  • countermeasures taken

The contractor supports the client in fulfilling its obligations in accordance with Articles 12 to 36 GDPR.

5. Client's control rights

The client is entitled to check that the contractor complies with data protection regulations.

On request, the contractor will provide the client with suitable evidence of compliance with the agreed TOMs (e.g. TOM documentation, guidelines, audit reports, certificates, pen test summary). On-site testing is excluded. If justified, the client may request a remote audit to the extent necessary, provided that this does not jeopardize the contractor's business and trade secrets or security interests and the effort is proportionate.

6. Use of subcontractors

The contractor may use subcontractors to provide services.

The contractor undertakes to:

  • Conclude an AVV with all subcontractors
  • ensure a comparable level of data protection

The client issues a general approval for subcontractors.

7. Liability

Clients and contractors are liable to affected persons in accordance with the provision in Art. 82 GDPR.

8. Termination of the contract

After termination of the main contract, the contractor will, at the option of the client:

  • delete personal data, or
  • return it to the client

Statutory storage obligations remain unaffected.

9. Final provisions

Amendments to this contract must be made in writing or in a documented electronic format.

Should individual provisions be ineffective, the effectiveness of the remaining provisions remains unaffected.

The legal regulations of the GDPR apply.

plants

Appendix 1 — Description of data processing

Nature and purpose of processing

Processing takes place as part of the use of TextRocket.ai to create, analyze and manage content.

Purposes of processing:

  • Generating SEO and marketing texts
  • Analyzing keywords and search intent
  • Organizing content projects
  • Save and edit text content

Type of personal data

Depending on the use by the client, the following may be processed:

  • Contact details (e.g. name, email address, telephone number)
  • account data (e.g. project names, websites, company names)
  • Content within texts
  • Usage and log data

Categories of affected persons

  • Client employees
  • Client's customers or leads
  • Website visitors of the client

Appendix 2 — Technical and Organizational Measures

In particular, the TOMs include:

  • Access protection through authentication
  • role-based access control
  • encrypted data transmission
  • secure cloud infrastructure
  • regular backups
  • Monitoring and logging
  • separate development and production systems

Appendix 3 — Subcontractors

Exemplary sub-service providers may include:

Sub-processor

  1. Cloud hosting provider
    Processing activity: platform hosting
    Location: EU
  2. AI provider
    Processing activity: processing text requests
    Location: EU/ USA
  3. Analytics provider
    Processing activity: analysis of usage data
    Location: EU/USA

All subcontractors are subject to contractual data protection agreements in accordance with Art. 28 GDPR.

Angaben gemäß § 5 DDG:

SEO Galaxy GmbH
Rosenstrasse 16
56766 Ulmen
Deutschland

HRB 30177, Amtsgericht Koblenz
Ust-IdNr.: DE 314155175
Geschäftsführer: David Hahn
Verantwortlicher für den Inhalt der Seite: David Hahn

Kontakt

E-Mail: partner(ät)textrocket.ai
Telefon: Nach Anfrage

Quellenangaben für verwendete Bilder und Grafiken

Sowie eigene Fotografien in Eigenregie und professionelle Fotografien durch beauftragte Fotograf:innen, die die Rechte an uns zur Verwendung verkauft haben.

logos

Hinweis

Sollten Ihnen Dinge auffallen, die Sie als Rechtsverstoß interpretieren, nehmen Sie bitte zunächst Kontakt auf, bevor Sie Ihren Anwalt einschalten. Wir versprechen, alle berechtigten Interessen unverzüglich zu berücksichtigen.

Hinweis auf EU-Streitschlichtung

Die Europäische Kommission stellt eine Plattform zur Online-Streitbeilegung (OS) bereit: https://ec.europa.eu/consumers/odr
Unsere E-Mail-Adresse finden Sie oben im Impressum.

Haftungsausschluss

SEO Galaxy GmbH ist dazu verpflichtet, diese Website aktuell und akkurat zu halten. Solltest du dennoch auf irgendetwas stoßen, das veraltet oder inkorrekt ist, würden wir es schätzen, wenn du es uns wissen lässt. Bitte weise darauf hin, wo du auf der Seite die Information gelesen hast. Wir werden uns dann so schnell wie möglich darum kümmern. Bitte sende deine Rückmeldung an: team(ät)seo-galaxy.info.

Wir übernehmen keine Haftung für aus Ungenauigkeit oder Unvollständigkeit resultierenden Verluste, noch für entstehende Verluste oder Verbreitung von Informationen durch das Internet, wie Störungen oder Unterbrechungen. Bei der Verwendung von Internetfomularen streben wir danach die Anzahl der benötigten Felder zu minimieren. Für jegliche Verluste die aus der Verwendung von SEO Galaxy GmbH empfohlener oder stammender Daten, Hinweisen oder Ideen übernimmt SEO Galaxy GmbH keine Haftung.

Jegliche persönliche Information welche du uns innerhalb des Kontexts deiner Antwort oder deinem Antrag zur Verfügung stellst, wird ausschließlich gemäß unserer Datenschutzerklärung genutzt.

SEO Galaxy GmbH übernimmt keine Verantwortung für den Inhalt von Websites, zu denen oder von denen ein Hyperlink oder eine anderer Verweis führt. Produkte oder Serviceleistungen, die von Drittanbieten angeboten werden, werden nach entsprechenden Bedingungen und Konditionen jener Drittanbieter behandelt werden.

Jegliches intellektuelle Eigentumsrecht an Inhalten auf dieser Website ist im Besitz von SEO Galaxy GmbH. Das Kopieren, Vervielfältigen und andere Benutzung dieses Materials ist ohne schriftliche Genehmigung von SEO Galaxy GmbH erlaubt. Wenn du Fragen oder Probleme mit der Verfügbarkeit der Website hast, zögere nicht uns zu kontaktieren.

© 2026 TextRocket. All rights reserved.
imprint | Data protection | Terms and Conditions | AVV