Brauche ich einen Auftragsverarbeitungs-Vertrag (AVV) mit DigElite?

Nein. Da das Plugin im Hosting des Kunden läuft und DigElite keine personenbezogenen Daten verarbeitet, ist DigElite nicht Auftragsverarbeiter. Sie schließen einen AVV nur mit Ihrem WordPress-Hoster (das ist ohnehin Standard). Updates des Plugins enthalten keine personenbezogenen Daten — es ist reine Software-Wartung.

Wie ist das mit OpenAI / Google Translate / Google Places, die Sie integrieren?

Wenn Sie diese APIs nutzen, schließen Sie als Kunde einen Vertrag mit dem jeweiligen Anbieter (OpenAI, Google) — das ist Ihre Entscheidung und Verantwortung. DigElite stellt nur die technische Integration. Für OpenAI gibt es Zero-Data-Retention-Tarife; Google Translate verarbeitet die Übersetzungs-Texte serverseitig (sollte mit Datenschutz-Erklärung abgedeckt sein); Google Places liefert öffentliche Geo-Daten (DSGVO-unkritisch).

Wie funktioniert die Auskunftsanfrage (Art. 15 DSGVO)?

Da alle Daten in Ihrer WordPress-Datenbank liegen, ist die Auskunfts-Erstellung eine SQL-Abfrage über die nz_crm_*-Tabellen, gefiltert auf die E-Mail-Adresse des Anfragenden. WordPress-DSGVO-Tools (z. B. WP-eigene Export-Funktion) lesen die Plugin-Tabellen automatisch mit, wenn das Plugin sich registriert — DigElite CRM tut das.

Was passiert bei Plugin-Deinstallation mit den Daten?

Standardmäßig bleiben die nz_crm_*-Tabellen erhalten — so können Sie das Plugin reaktivieren, ohne Daten zu verlieren. In den Einstellungen gibt es eine „komplett entfernen"-Option, die beim Deinstallieren die DB-Tabellen mit löscht. Lösch-Bestätigung ist Pflicht (vor versehentlichem Datenverlust geschützt).

DigElite CRM · Data Protection · In-house Operation

GDPR-compliant CRM — Data remains in the customer's WordPress., without SaaS cloud.

DigElite CRM stores all contact, campaign, and tracking data in the customer's own WordPress database tables (nz_crm_contacts, nz_crm_candidates, nz_crm_inbox, etc.) — no DigElite middle server, no US cloud, no vendor lock-in. The B2B justification according to Art. 6 para. 1 lit. f GDPR is operationalized in the plugin: pseudonymous tracking codes, 1-click opt-out via link, auto-opt-out based on stopwords, and separate retention periods.

Demo & Initial Consultation Back to CRM overview

Tracking-Übersicht im WordPress-Backend: pseudonyme Tracking-Codes, Opt-out-Links, Klick-Logs. — Tracking overview — pseudonymous codes per contact, transparent opt-out link, all logs in the customer's own WordPress.

Three architectural decisions

What GDPR-compliant in-house operation means in practice.

Operating the system in-house is an architectural decision, not a marketing claim. It manifests itself in three areas: where the data is located, who is the data controller in the sense of the GDPR, and whether a data processing agreement with a third-party provider is necessary.

Custom WordPress database tables

nz_crm_contacts · nz_crm_candidates · nz_crm_inbox · nz_crm_tasks · nz_crm_log · nz_crm_templates · nz_crm_categories. No CPT/postmeta dilution, no funds database.

No SaaS middle server, no US third country

Data remains in the customer's WordPress database. No DigElite API hub, no central middleman, no US cloud — and therefore no third-country transfer issues under GDPR + Schrems II.

Article 6 paragraph 1 letter f operationalized

Pseudonymous tracking codes, 1-click opt-out, auto-opt-out on stopwords, separate retention periods — the technical requirements for a cleanly executable balancing of interests are built into the plugin.

Who is the data controller within the meaning of the GDPR?

They. Not DigElite. That's the crucial difference.

Since the plugin runs on the customer's hosting, a data processing agreement with a third-party provider is unnecessary—the customer remains solely responsible under the GDPR. This might sound like more obligations, but it's actually a simplification: no data processing agreement partner risk, no third-country clauses, and no chains of data access requests through third-party servers. In the event of a data protection request, you only need to look in one place: your own WordPress database.

Frequently Asked Questions

What potential buyers should ask before purchasing.

Do I need a data processing agreement (DPA) with DigElite?

No. Since the plugin runs on the customer's hosting and DigElite does not process any personal data, DigElite is not a data processor. You only conclude a data processing agreement with your WordPress host (this is standard practice anyway). Plugin updates do not contain any personal data—it's purely software maintenance.

What about OpenAI / Google Translate / Google Places that you integrate?

When you use these APIs, you, as the customer, enter into a contract with the respective provider (OpenAI, Google) — this is your decision and responsibility. DigElite only provides the technical integration. OpenAI offers zero-data retention plans; Google Translate processes the translated texts server-side (this should be covered by a privacy policy); Google Places provides public geodata (not GDPR-compliant).

How does the data access request (Art. 15 GDPR) work?

Since all data resides in your WordPress database, generating a data request is an SQL query across the nz_crm_* tables, filtered by the requester's email address. WordPress GDPR tools (e.g., WordPress's built-in export function) automatically access the plugin tables when the plugin registers—DigElite CRM does this.

What happens to the data when a plugin is uninstalled?

By default, the nz_crm_* tables are retained—this allows you to reactivate the plugin without data loss. The settings include a "completely remove" option that deletes the database tables during uninstallation. Confirmation of the deletion is mandatory (protecting against accidental data loss).

Related Features

Where you can continue reading.

This feature is part of the DigElite CRM family — take a look at the Product Overview or the thematically related functions.

WhatsApp + Telegram Inbox

Automatic opt-out for stopwords as a technical implementation of GDPR.

Learn more →

Personalized landing pages

One-click opt-out via `?nzout=…` link, compliant with Art. 21 GDPR.

Learn more →

DigElite CRM — Overview

Overview of all features, AI hub and live reference.

Learn more →

15 minutes is enough to get an impression.

We'll show you DigElite CRM live in our own backend on nordzypern.live — no sales pitch, no slide 47. You'll see what a real acquisition workflow looks like in the plugin and decide if it fits your WordPress structure.

Schedule a demo & initial consultation