Data Processing Agreement
Between:
Mediaplatforms B.V., registered in the Netherlands with the Chamber of Commerce under number 82415889, hereinafter referred to as the "Processor";
and
The legal entity utilizing Easy Flow Builder, hereinafter referred to as the 'Controller'.
Whereas:
- The Controller uses the "Easy Flow Builder" platform provided by the Processor to facilitate WhatsApp communication flows;
- The Controller determines which personal data is processed and for what purposes;
- The Processor processes personal data solely on behalf of the Controller;
- The parties wish to document the processing of personal data in this Data Processing Agreement ("DPA");
1. Subject of Processing
The Processor processes the following personal data on behalf of the Controller:
- Name;
- Phone number;
- WhatsApp messages.
The Controller may extend the scope of processed personal data at its discretion, such as including email or address information. The Processor solely facilitates the technical processing and does not determine which additional personal data is processed.
2. Purpose of Processing
Personal data is processed exclusively for the execution of WhatsApp communication flows as configured by the Controller. No automated decision-making is applied based on this data. AI functionality is not utilized within the platform.
3. Duration of Processing
Personal data is retained as long as the Controller's account remains active. Upon account deletion, all data is automatically deleted within 30 days. Users may modify, correct, or delete their data during their active subscription.
4. Sub-processors
The Processor engages the following sub-processors:
- Google Firebase (hosting and database) - Subject to the Firebase Data Processing and Security Terms;
- Twilio (WhatsApp message processing) - Subject to the Twilio Data Protection Addendum.
The Processor may not engage additional sub-processors without prior written approval from the Controller.
5. Security Measures
The Processor has implemented appropriate technical and organizational measures to protect personal data, including:
- Access management;
- Audit logs;
- DDoS protection;
- Backups and a Disaster Recovery Plan (via Firebase);
- Point-in-time recovery and scheduled backups.
The Processor takes reasonable measures to ensure data continuity and integrity.
6. Data Subject Rights
The Processor will support the Controller in responding to data subject requests, including access, correction, and deletion requests. Data can only be deleted provided that account functionality is maintained. A WhatsApp phone number is necessary for a fully functional account. Users may anonymize their name to preserve privacy.
7. International Data Transfers
As Firebase and Twilio are based in the United States, personal data may be processed outside the European Economic Area. The Processor and its sub-processors apply Standard Contractual Clauses (SCCs) to comply with GDPR requirements.
8. Liability
The Processor's liability is limited to the amount paid by the Controller for the use of the platform in the past twelve months. The Processor shall not be liable for indirect damages, loss of profit, or damages resulting from the Controller's use of Easy Flow Builder.
9. Governing Law and Dispute Resolution
- This DPA is governed by the laws of the Netherlands;
- Any disputes shall be exclusively submitted to the competent court in the Netherlands;
- This DPA is an integral part of the agreement between the Processor and the Controller and becomes effective upon the Controller's acceptance of the platform's Terms and Conditions.