Introduction

Dataproves is operated by WEBLYTICA LTD. and provides advanced API solutions designed to enhance user experiences for businesses globally. As part of our operations, we may process personal data on behalf of our customers.

To ensure compliance with global data privacy regulations, Dataproves implements privacyby-design measures, including the automatic deletion of API request logs after seven days. This approach minimizes data retention and ensures that customers can integrate our services without compromising user privacy. customers.

This Data Processing Agreement (“Agreement”) governs the use of our services and complies with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Data Processing Agreement

This Agreement is entered into between the Company and WEBLYTICA LTD., acting as the Data Processor (collectively referred to as the “Parties”).

1. Definitions and Interpretation

1.1 Unless otherwise stated, the following terms apply:

• “Agreement”: This Data Processing Agreement.
• “Company Personal Data”: Personal Data processed on behalf of the Company under this Agreement.
• “Contracted Processor”: A Subprocessor authorized by the Data Processor.
• “Data Protection Laws”: GDPR, and any applicable privacy laws.
• “GDPR”: General Data Protection Regulation (EU 2016/679).
• “Services”: API services provided by Dataproves.
• “Subprocessor”: Any third party authorized by the Data Processor to process personal data under this Agreement.

1.2 Other terms (e.g., Controller, Processor, Personal Data) shall have the meanings given in the GDPR or applicable laws.

2. Data Processing Obligations

2.1 Processor Responsibilities

• Comply with applicable Data Protection Laws when processing personal data.
• Process data only on the Company’s instructions unless otherwise required by law.

2.2 Company Instructions:

• The Company instructs the Processor to process personal data solely to provide the agreedupon services.

3. Personnel Confidentiality

The Processor shall ensure all personnel handling Company data are bound by confidentiality agreements and access is restricted to necessary operations only.

4. Security Measures

4.1 The Processor shall implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of sensitive data.
• Regular security audits.

4.2 The Processor shall assess risks and implement mitigations for potential data breaches.

5. Subprocessors

The Processor may engage Subprocessors only with prior written consent from the Company and shall ensure Subprocessors adhere to the same data protection obligations.

6. Data Subject Rights

The Processor will assist the Company in responding to Data Subject requests, such as:

• Access or deletion requests under GDPR.
• Ensuring no action is taken without the Company’s documented instructions.

7. Data Breach Notification

The Processor will notify the Company within 48 hours of discovering any data breach, providing details to enable compliance with reporting obligations under applicable laws.

8. Data Protection Impact Assessments

The Processor shall assist the Company with data protection impact assessments and consultations with supervisory authorities when required.

9. Data Retention and Deletion

Upon cessation of services, the Processor will delete all personal data within 10 business days, unless retention is required by law.

10. Audit Rights

The Processor shall provide the Company with necessary information to verify compliance and allow for audits, subject to reasonable notice.

11. International Data Transfer

Data shall not be transferred outside the

• The Company’s consent.
• Compliance with mechanisms such as Standard Contractual Clauses (SCCs) or similar measures.

12. General Terms

12.1 Confidentiality: Both Parties agree to keep shared information confidential unless disclosure is legally required.

12.2 Notices: Communications must be in writing and sent to the email or physical addresses specified in this Agreement.

13. Governing Law and Jurisdiction

This Agreement is governed by UK law. Disputes shall be resolved in the courts of the UK, where WEBLYTICA LTD. is headquartered.

14. Data Access and Privacy Rights

Requests for data removal or access can be sent to [email protected]. The Processor will handle such requests promptly and in accordance with GDPR obligations.