Skip to content
WebDirect

Data Processing Agreement

Standard data processing terms for B2B clients under GDPR Article 28.

Parties

This DPA is between Web Direct SRL (acting as Data Processor) and the Client organization (acting as Data Controller) as named in the service agreement.

Subject Matter and Duration

Web Direct SRL processes personal data on behalf of the Controller solely for the purpose of providing the contracted IT services. Processing continues for the duration of the service agreement.

Nature and Purpose of Processing

Processing activities may include: access to client systems containing personal data for the purpose of DevOps, security, and infrastructure services; processing of log files and monitoring data; processing of contact and employee data for communication purposes.

Types of Personal Data

Depending on the contracted service: system logs (may contain IP addresses, usernames), application data (as necessary for debugging/support), contact information (names, emails, phone numbers for service delivery).

Obligations of the Processor

Web Direct SRL shall: process data only on documented instructions from the Controller; ensure confidentiality obligations on all personnel with data access; implement appropriate technical and organizational security measures; assist the Controller with security, breach notifications, and data subject requests; delete or return data upon termination of services.

Sub-processors

Web Direct SRL may use sub-processors (cloud providers, monitoring tools) for service delivery. A current list is available on request. We require sub-processors to maintain GDPR-equivalent protections.

Security Measures

We implement: encryption of data in transit (TLS 1.3) and at rest; access controls and authentication; regular security assessments; incident response procedures including 72-hour breach notification.

Governing Law

This DPA is governed by the laws of the Republic of Moldova, as the registered jurisdiction of Web Direct SRL, consistent with GDPR requirements for processors established in EU-equivalent jurisdictions.

For a signed DPA or to discuss custom terms for your organization, contact us at:

[email protected]