According to the GDPR, to process personal data on behalf of third parties, both controller and processor need a Data Processing Agreement.
iTernity itself has no mandate to process the personal data of its customers. However, in the course of consulting and support activities, iTernity may receive insight into or access to the personal data of its customers.
With the Data Processing Agreement, iTernity warrants that personal data of customers are adequately protected, and that the data are only processed for the purposes for which they were collected in accordance with Art. 5, Para. 1 b GDPR ("purpose limitation").