Data Processing Agreement

Last updated: January 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Webbbyy ("Processor") and you ("Controller").

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on Personal Data.

Data Subject: The individual to whom Personal Data relates.

Processor shall:

Process Personal Data only on documented instructions from Controller
Ensure persons authorized to process Personal Data have committed to confidentiality
Implement appropriate technical and organizational measures
Assist Controller in responding to Data Subject requests

We implement industry-standard security measures including:

Current sub-processors:

We will notify you of any intended changes to sub-processors.

Personal Data may be transferred to countries outside the EEA. Such transfers are protected by Standard Contractual Clauses or adequacy decisions.

We will assist you in fulfilling obligations to respond to Data Subject requests for:

We will notify you without undue delay after becoming aware of a Personal Data breach.

Controller has the right to audit Processor's compliance with this DPA, subject to reasonable notice and confidentiality obligations.

Upon termination, we will delete or return all Personal Data at your choice, unless retention is required by law.

Each party's liability arising from this DPA shall be subject to the limitations in the Terms of Service.

Data Protection Officer: [email protected]