Data processing

This data processing agreement was last updated on January 19, 2026.

This Data Processing Agreement (”DPA”) forms part of, and is subject to, the Advisory Terms or other written or electronic agreement between Shaeps ApS ("Processor") and the Client ("Controller") for the purchase of services (the "Agreement").

Definitions

"GDPR" means the General Data Protection Regulation (EU) 2016/679.

"Personal Data", "Processing", "Data Subject", "Data Controller", "Data Processor" shall have the meanings given in the GDPR.

Roles and scope

The parties agree that, with regard to the Processing of Personal Data under the Agreement, Controller is the Data Controller and Processor is the Data Processor.

The purpose of the processing is to provide China market entry advisory and business incorporation services.

The processing will continue for the duration of the Agreement.

The types of Personal Data that will be processed are the business contact details (name, business email address, telephone number and job title) of the Client's representatives, shareholders, and proposed directors for the Chinese entity. For official registration purposes, a copy of a passport or ID may be processed.

The categories of Data Subjects shall be the representatives, employees, shareholders, and proposed directors of the Controller and its Chinese entity.

Processor obligations

The Processor shall only Process Personal Data on documented instructions from Controller, unless required to do otherwise by applicable law.

The Processor shall ensure that any person authorised to process the Personal Data is subject to a duty of confidentiality.

The Processor shall implement and maintain appropriate technical and organisational measures to protect the Personal Data. These measures include, but are not limited to:

For file storage and sharing: All files are encrypted in transit (TLS) and at rest with client-controlled keys.

Using secure transport for email communication where supported by the corresponding mail server. As a policy, sensitive identification documents are not shared via standard email attachments.

Storing data only on password-protected devices with active security software.

Restrict access to Personal Data to authorised personnel on a strict need-to-know basis.

The Controller generally authorises the engagement of sub-processors. The Processor shall maintain a list of its sub-processors and notify the controller of any intended changes, giving the Controller the opportunity to object.

The Processor shall assist the Controller by appropriate technical and organisational measures in fulfilling the Controller's obligations to respond to Data Subject requests and to ensure compliance with security and data breach notification obligations under the GDPR, taking into account the nature of the processing.

International transfers

The Controller explicitly instructs the Processor to transfer personal data to its affiliated entity in China, Shaeps LEEMIAN Management (Baoding) Co. Ltd., for the sole purpose of performing the Services. The Controller acknowledges that China does not benefit from an adequacy decision pursuant to Article 45 of the GDPR.

Upon the Controller's request, the parties shall enter into the European Commission's Standard Contractual Clauses (SCCs, Module Two: Controller to Processor) to provide a framework for such transfers.

The Controller, as the Data Controller, is solely responsible for: (i) determining the appropriate legal basis for transferring personal data to China; and (ii) conducting any required transfer impact assessment regarding Chinese law.

By proceeding with the Services, the Controller confirms that they have assessed and accept the risks associated with transferring Personal Data to China. The Processor cannot guarantee that supplementary measures will prevent access by Chinese public authorities where required by applicable Chinese law.

Governing law and dispute resolution

This Agreement shall be governed by and construed in accordance with Danish law.

Any action or proceedings arising from or relating to these Terms shall be brought exclusively in the courts of Copenhagen, Denmark.

The proceedings shall be conducted in English.

Any judgment rendered by the courts of Copenhagen shall be final and enforceable in any jurisdiction.

Contact us

If you have any questions or comments about this Agreement, please contact us using the details below:

Shaeps ApS
Frederiksberg Allé 62, 4 tv
1820 Frederiksberg C
Denmark
CVR no. 35515291
Website: https://shaeps.com
Email: legal@shaeps.com