PixelAdmin Logo
Legal

Joint Controllership Agreement for Beta & Preview Features

This agreement determines the allocation of responsibilities between the parties regarding data processing for beta and preview features, in compliance with GDPR Article 26.

Last updated:June 25, 2025

1. Parties

Data Controller 1 is the customer using the PixelAdmin service (“Customer” or “Data Controller 1”).

Data Controller 2 is PixelAdmin ApS, CVR no. 45447588, Falkoner Allé 90, 2000 Frederiksberg, Denmark (“PixelAdmin” or “Data Controller 2”).

This joint controllership agreement (the “Agreement”) is entered into between Data Controller 1 and Data Controller 2 (collectively the “Parties”) and is an addendum to PixelAdmin’s Terms of Service and Data Processing Agreement.

2. Purpose, Scope, and Applicability

This agreement defines the division of responsibilities between the Parties for the specific processing activity of using Customer data to improve and evaluate PixelAdmin features marked as “beta” or “preview” (“Beta Features”). For all other processing activities where PixelAdmin processes data on behalf of the Customer, PixelAdmin acts as a Data Processor as outlined in the Data Processing Agreement.

In accordance with Article 26 of the GDPR, joint controllership exists when two or more controllers jointly determine the purposes and means of processing. The purpose of this Agreement is to transparently establish the Parties' respective responsibilities for complying with GDPR obligations for the specified processing activity.

The essence of the arrangement shall be made available to the data subjects. Irrespective of the terms of the arrangement, data subjects may exercise their rights under the GDPR in respect of and against each of the controllers.

This Agreement is an integral part of PixelAdmin’s Terms of Service and applies exclusively to customers subject to the EU General Data Protection Regulation (GDPR). The rights and obligations herein apply solely to processing activities involving personal data of data subjects within the European Union (EU) and the European Economic Area (EEA).

3. Overall distribution of responsibilities

Data Controller 1 (Customer) is responsible for the initial collection of personal data and for establishing a valid legal basis to use the Beta Features. This includes informing data subjects about the processing. The Customer holds direct contact with the data subjects.

Data Controller 2 (PixelAdmin) is responsible for providing the Beta Features and for the subsequent technical processing of data, including data security, system integrity, and the technical infrastructure for analysis and improvement.

4. Principles and Legal Basis for Processing

The Customer (Data Controller 1) is responsible for ensuring and documenting a valid legal basis for the use of Beta Features and the associated data collection. By using a Beta Feature, the Customer consents to this processing.

Both Parties are individually responsible for complying with the principles relating to processing of personal data (Article 5 of the GDPR) within their respective areas of responsibility.

5. Data subject rights

To ensure a clear and practical process for data subjects, responsibility for facilitating data subject rights is allocated as follows:

The Customer (Data Controller 1) as the party with direct contact with data subjects, is primarily responsible for handling:

  • Information obligations upon collection of personal data (Articles 13 and 14).
  • The data subject's right of access (Article 15).
  • Right to rectification (Article 16).
  • Right to erasure (Article 17).
  • Right to object to processing (Article 21).

PixelAdmin (Data Controller 2) is responsible for handling requests related to the technical platform:

  • Right to restriction of processing (Article 18).
  • Right to data portability (Article 20).

The Parties are obligated to assist one another. If a Party receives a request that falls under the other Party's responsibility, the request must be forwarded without undue delay. The Customer is designated as the central point of contact for data subjects, and will route requests to PixelAdmin as needed.

6. Processing Security

Both Parties are responsible for implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Articles 24, 25, and 32 of the GDPR.

PixelAdmin (Data Controller 2) is specifically responsible for the security of the technical platform and infrastructure. These measures are detailed in Appendix C of the Data Processing Agreement.

The Customer (Data Controller 1) is responsible for the security of its own systems and for secure behavior when using the Service (e.g., password management).

7. Use of Data Processors

Each Party is responsible for the data processors they engage. PixelAdmin's use of sub-processors to deliver the Service is governed by the Data Processing Agreement.

8. Records of Processing Activities

Each Party is responsible for maintaining a record of processing activities carried out under its responsibility, in accordance with Article 30 of the GDPR.

9. Personal Data Breach

In the event of a personal data breach, the Party that discovers the breach is responsible for notifying the other Party without undue delay.

PixelAdmin (Data Controller 2) is responsible for notifying the competent supervisory authority (the Danish Data Protection Agency) of the breach in accordance with Article 33 of the GDPR.

The Customer (Data Controller 1) is responsible for notifying the affected data subjects of the breach in accordance with Article 34 of the GDPR, with assistance from PixelAdmin.

10. Data Protection Impact Assessment (DPIA)

PixelAdmin (Data Controller 2) is responsible for conducting a Data Protection Impact Assessment (DPIA) for the Service in accordance with Article 35 of the GDPR, and for consulting the supervisory authority if required.

Due to their experimental nature, Beta features may alter the fundamental character, scope, or risk profile of an existing processing activity. Therefore, PixelAdmin conducts a separate risk assessment upon activating any new Beta feature and, where relevant, prepares a supplementary or updated DPIA in accordance with the Danish Data Protection Agency's guidelines. If the Beta feature is made available to the Customer, the corresponding risk assessment and any recommended mitigating measures will be provided, allowing the Customer to determine whether their own DPIA must be updated before deploying the Beta feature in a live production environment.

11. Special Terms for Beta Features

Beta features are made available to allow PixelAdmin and selected Customers to jointly test and develop new functionality before it is released for General Availability (GA). Beta features differ significantly from the features included in the standard production version of the Service. The provisions in this section take precedence over corresponding provisions in the Terms of Service and the general Data Processing Agreement, but only with respect to the Beta feature itself.

Provided “As Is” Without Warranties: Beta features are provided on an “as is” and “as available” basis, without express or implied warranties of any kind, including warranties of functionality, merchantability, fitness for a particular purpose, error-free operation, or uninterrupted service. Beta features may contain bugs, defects, performance challenges, and unexpected behavior, and may be wholly or partially unavailable at times. Beta features are not covered by any service level agreement (SLA) applicable to the production version of the Service, and PixelAdmin offers no compensation for downtime, errors, or feature failures.

Recommendation Against Using Production Data: PixelAdmin explicitly recommends that the Customer does not use Beta features with business-critical production data, mission-critical workflows, or material where an error, loss, or unintended alteration would result in substantial consequences for the Customer or third parties. Should the Customer choose to use Beta features on such data regardless, they do so at their own risk and are solely responsible for maintaining adequate backups and rollback capabilities. Whenever possible, the Customer should restrict Beta feature usage to sample data, representative test sets, or dedicated sandbox environments.

Rights to Feedback and Usage Data: The Customer grants PixelAdmin an irrevocable, royalty-free, worldwide, and transferable license to use any feedback, suggestions, ideas, bug reports, or feature requests intentionally shared with PixelAdmin by the Customer or their users regarding the Beta feature. This applies to any purpose, including improving, modifying, commercializing, or integrating the functionality into the Service. Feedback does not inherently include personal data or confidential business content, and the Customer should ensure that feedback is submitted without embedding identifying or sensitive information. PixelAdmin may use anonymized statistics, error logs, and usage patterns relating to the operation of the Beta feature for operational improvements, quality assurance, and product development.

Right to Modify and Discontinue: PixelAdmin reserves the right to alter, limit, suspend, or discontinue a Beta feature at any time and without prior notice, including by removing individual components, altering behavior, or terminating the program entirely. Furthermore, Beta features may transition to the general production version of the Service at times and on terms determined solely by PixelAdmin, and such a transition may involve changes to pricing or licensing terms. No claims may be brought against PixelAdmin as a result of a Beta feature being modified or discontinued.

Deletion of Beta Data Upon GA Transition or Discontinuation: Personal data and content processed exclusively as part of the Customer's participation in a Beta feature, which do not simultaneously form part of the Customer's regular production data in the Service, will be deleted or anonymized by PixelAdmin no later than 90 days after the respective Beta feature transitions to GA or is discontinued. This applies unless the Customer requests earlier deletion or other legislation mandates continued storage. The Customer may withdraw from a Beta feature at any time by disabling the feature in the administration panel or by submitting a written request to legal@pixeladmin.com.

Independent Scope of Liability and Limitation: To the maximum extent permitted by applicable law, PixelAdmin's total aggregate liability to the Customer for any claim, loss, or damage arising out of or connected with a Beta feature is limited to DKK 1,000 (one thousand) per calendar year. This constitutes an independent liability cap that does not accumulate with or count toward the general liability cap in the Terms of Service. PixelAdmin is not liable for indirect losses, including operating losses, loss of data, loss of business, lost profits, or third-party claims arising from the use of a Beta feature. This limitation of liability does not apply to liability that cannot be excluded under mandatory law, such as in cases of intent or gross negligence.

Confidentiality and References: The existence, functionality, documentation, and performance of Beta features are considered PixelAdmin's confidential information. The Customer may not publicly discuss, compare, benchmark, or use the Beta feature in marketing, testimonials, or demonstrations to third parties without PixelAdmin's prior written consent. The Customer must not create the impression that PixelAdmin has recommended, approved, or endorsed the Customer's use of the Beta feature, and no PixelAdmin names, logos, or trademarks may be used without prior written consent.

AI-Based Beta Features: If a Beta feature incorporates AI functionality, the provisions of the separate AI Data Processing Agreement will also apply. This includes transparency obligations under Article 50 of the EU AI Act, requirements for human review of AI outputs, and mandates for marking synthetic content via C2PA Content Credentials and IPTC Digital Source Type. The Customer is responsible for ensuring that their human oversight function is adequately scaled to address the elevated risk associated with a Beta feature that has not yet undergone the comprehensive quality assurance processes applicable to the production release.

12. International Transfers

Any transfer of personal data to third countries must comply with Chapter V of the GDPR. PixelAdmin is responsible for ensuring a valid transfer mechanism for such transfers, as detailed in the Data Processing Agreement. Beta features operate on the same infrastructure as the production version of the Service, which includes Microsoft Ireland Operations Limited (Microsoft Azure in EU regions), Google Ireland Limited (where the Beta feature utilizes an AI component), and Stripe Payments Europe Limited (where the Beta feature involves payment flows). The use of these sub-processors remains unchanged when activating a Beta feature.

13. Complaints

The Parties are individually responsible for handling any complaints from data subjects regarding violations of the GDPR provisions for which the Party is responsible under this Agreement. Complaints shall be forwarded to the relevant Party as necessary.

14. Entry into Force and Termination

This agreement takes effect the moment the Customer begins using a Beta Feature.

This agreement remains valid as long as the processing occurs or until it is replaced by a new agreement.