Data Processing Agreement (DPA)

This Data Processing Agreement ("Agreement") is entered into by and between Duckling Media ApS, VAT-id: DK-43764810 (“the Controller”), and the Data Processor (“the Processor”).

(Collectively referred to as the "Parties" and individually as a "Party")

This Agreement outlines the terms and conditions under which the Processor will process personal data on behalf of the Controller, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. PURPOSE OF THE DATA PROCESSING

The Processor shall process personal data solely for the purposes set out in the Agreement and in accordance with the Controller's documented instructions. The processing is undertaken to enable the Processor to provide a social media network in an app or website, which allows users to share multimedia stories, setup groups and interact with each other with likes, comments and similar means.

2. TYPE OF DATA PROCESSED

The Processor will process the types of personal data described in our Privacy Policy, which can be found here: https://app.termly.io/policy-viewer/policy.html?policyUUID=fccf9667-5769-4208-8498-30df8bb87b3d

3. DATA PROCESSING INSTRUCTIONS

The Processor will process personal data only in accordance with the Controller's Privacy Policy and Legal Terms, which may be amended from time to time. The Processor will not use personal data for any other purposes unless required to do so by applicable law. All legal agreements can be found here: https://www.duckling.co/legal

4. DURATION OF DATA PROCESSING RIGHTS

The Processor shall process personal data for the duration of the provision of services under this Agreement. Upon termination of the services delivered to the Processor, Duckling (the Controller) will retain user data as necessary for its legitimate business purposes and compliance with applicable laws. However, Duckling shall return or securely delete the personal data upon request from individual users, provided such a request is made in accordance with the data subject's rights under applicable data protection laws.

5. NATURE AND PURPOSE OF THE PROCESSING

  • Nature of Processing: The Processor will collect, store, and process personal data as part of the service delivery. The processing activities may include data hosting, analytics, user authentication, recommendations, verification and blacklisting of content and users.

  • Purpose of Processing: The purpose of the processing is to enable the Processor to provide the services outlined in this Agreement.

6. TYPE OF PERSONAL DATA

The types of personal data to be processed may include:

  • Contact details:  Name, email address and telephone number

  • Demographic information: School, age, gender

  • Usage data: User interactions like likes and views

7. CATEGORIES OF DATA SUBJECTS

The personal data to be processed pertains to the following categories of data subjects:

  • Content creators who creates stories an uploads media on the Duckling platform

  • Content viewers who views or otherwise interacts with stories and media on the Duckling platform

8. OBLIGATIONS AND RIGHTS OF THE CONTROLLER

The Controller acknowledges that it is responsible for ensuring that the personal data provided to the Processor is processed in compliance with applicable data protection laws. The Controller has the following obligations and rights:

  • Ensure that all personal data shared with the Processor is lawfully collected and processed.

  • Provide clear instructions to the Processor regarding data processing.

  • Monitor the Processor's compliance with data protection laws.

  • Ensure the data subjects' rights (e.g., right of access, rectification, erasure, etc.) are upheld.

9. SECURITY MEASURES

The Processr agrees to implement appropriate technical and organizational measures to protect the personal data against unauthorized access, alteration, disclosure, or destruction..

10. SUB-PROCESSORS

The Processor may engage sub-processors for specific tasks. The sub-processor shall be bound by the same data protection obligations as the Processor.

11. DATA SUBJECT RIGHTS

The Processor shall assist the Controller in fulfilling its obligations related to data subject rights, including:

  • The right to access, correct, delete, or restrict processing of personal data.

  • The right to data portability.

  • The right to object to processing.

12. LIABILITY

Each Party shall be liable for any damages caused by its failure to comply with applicable data protection laws. The Processor shall indemnify the Controller against any claims arising from the Processor's breach of this Agreement.

13. GOVERNING LAW AND DISPUTES

This Agreement shall be governed by the laws of Denmarj, and any disputes shall be resolved in the competent courts of Copenhagen, Denmark

14. ACCEPTANCE OF TERMS

By onboarding the Duckling platform and opting in to the legal terms, the Processor acknowledges and accepts the terms of this Data Processing Agreement. This acceptance signifies the Processor's commitment to comply with all obligations set forth in this Agreement and to process personal data in accordance with the Controller’s instructions and the applicable data protection laws.