arrow_forward Start now dehaze

Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement (“DPA”) forms an integral part of the Terms of Service governing the use of the audienced platform.

This DPA governs the processing of personal data between:

  • the Administrator (Data Controller), and
  • Fitcrea d.o.o. (Data Processor)

in connection with the use of the audienced platform.

2. Definitions

For the purposes of this DPA:

Administrator (Data Controller)
means the user of the Platform who collects and/or processes personal data of their users, customers, or community members.

Fitcrea d.o.o. (Data Processor)
means the provider of the audienced platform, which processes personal data on behalf of the Administrator.

Personal Data
means any information relating to an identified or identifiable natural person, as defined under the General Data Protection Regulation (GDPR).

Processing
means any operation or set of operations performed on personal data.

3. Subject Matter of Processing

Fitcrea d.o.o. provides the audienced platform, which enables Administrators to:

  • create and sell digital products,
  • manage online communities,
  • deliver educational programs and courses,
  • communicate with users,
  • manage access to content.

In doing so, Fitcrea d.o.o. may process personal data on behalf of the Administrator.

4. Roles of the Parties

The Administrator acts as the Data Controller.

Fitcrea d.o.o. acts as the Data Processor.

The Administrator is responsible for:

  • ensuring lawful processing of personal data,
  • obtaining valid legal bases (e.g. consent, contract),
  • informing data subjects about data processing,
  • complying with applicable data protection laws.

Fitcrea d.o.o. shall process personal data:

  • only on documented instructions from the Administrator,
  • only to the extent necessary to provide the Platform.

5. Types of Personal Data

Processing may include the following types of personal data:

  • name and surname,
  • email address,
  • user account data,
  • activity data within the Platform,
  • content uploaded or published by users.

The exact scope of data is determined by the Administrator.

6. Categories of Data Subjects

Processing may include personal data of:

  • community members or users,
  • customers purchasing digital products,
  • participants in programs or courses,
  • other individuals accessing Administrator content.

7. Purpose of Processing

Fitcrea d.o.o. processes personal data solely for the purpose of:

  • providing and operating the Platform,
  • hosting content,
  • managing user accounts,
  • providing technical support,
  • ensuring platform security.

8. Data Security

Fitcrea d.o.o. implements appropriate technical and organizational measures to protect personal data, including:

  • encrypted communication (HTTPS),
  • secured server infrastructure,
  • restricted access to data,
  • system monitoring and security audits.

9. Sub-processors

Fitcrea d.o.o. may engage third-party service providers (“Sub-processors”) to support the delivery of the Platform, including:

  • hosting infrastructure providers,
  • content delivery networks (CDNs),
  • email service providers,
  • analytics providers,
  • payment processors.

Current Sub-processors include:

  • DigitalOcean
  • Bunny.net
  • Stripe

Sub-processors shall process personal data only to the extent necessary for providing their services.

10. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Fitcrea d.o.o. shall ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs), or
  • other lawful transfer mechanisms in accordance with GDPR.

11. Assistance with Data Subject Rights

Fitcrea d.o.o. shall, to the extent reasonably possible, assist the Administrator in fulfilling obligations related to data subject rights, including:

  • access to personal data,
  • rectification,
  • erasure,
  • restriction of processing,
  • data portability.

12. Data Breach Notification

In the event of a personal data breach, Fitcrea d.o.o. shall notify the Administrator without undue delay.

The Administrator is responsible for notifying data subjects and/or supervisory authorities where required by law.

13. Data Retention and Deletion

Upon termination of the use of the Platform, Fitcrea d.o.o. may:

  • delete, or
  • anonymize

personal data, unless retention is required by applicable law.

14. Liability

The Administrator is solely responsible for:

  • the lawful collection and processing of personal data,
  • compliance with applicable data protection laws.

Fitcrea d.o.o. shall not be responsible for how the Administrator uses personal data collected through the Platform.

15. Term and Acceptance

This DPA becomes effective upon the Administrator’s use of the Platform.

By using the Platform, the Administrator confirms that they have read, understood, and agreed to this DPA.

Start creating today

arrow_forward Start your 14-day free trial