Data Processing Agreement

DPA

This Data Processing Agreement (the “DPA”) governs the processing of personal data between:

Wonder Makers s.r.o., with its registered office at Mezibranská 1668/5, 110 00 Prague – Nové
Město, Czech Republic, Company ID No.: 17844576, VAT ID: CZ17844576
(the “Processor”)

and

the user of the Fubi service
(the “Controller”)

(together, the “Parties”)

This DPA forms an integral part of the Terms & Conditions governing the use of the Fubi service
(the “Service”).

1. Subject Matter of Processing

1.1 The Processor processes personal data on behalf of the Controller in connection with the provision of the Service.

1.2 The processing may include, in particular:

  • feedback data (e.g., comments, annotations, notes),

  • contact data (e.g., email address),

  • visual and functional context (e.g., page URL, element position),

  • limited technical data (e.g., device type, browser),

  • data submitted by the Controller through the Service.

1.3 The Service is designed as a feedback and collaboration tool and is not intended for systematic tracking or profiling of individuals.

1.4 The processing does not intentionally include special categories of personal data unless explicitly provided by the Controller.

2. Purpose of Processing

2.1 The processing may include, in particular:

  • providing and operating the Service,

  • enabling feedback functionality (e.g., annotations and comments),

  • ensuring the technical operation and security of the Service.

3. Roles of the Parties

3.1 The Controller determines the purposes and means of the processing of personal data.

3.2 The Processor processes personal data only on documented instructions from the Controller, as set out in this DPA and the Terms.

3.3 With respect to data collected through the implementation of a script:

  • the Controller acts as the controller,

  • the Processor acts as the processor.

4. Obligations of the Processor

The Processor undertakes to:

  • process personal data only in accordance with the Controller’s instructions,

  • ensure that persons authorised to process personal data are bound by confidentiality,

  • implement appropriate technical and organisational measures to protect personal data,

  • not process personal data for its own purposes,

  • not record form inputs, text entries, or sensitive data unless explicitly included in feedback,

  • not engage in hidden monitoring or behavioural tracking beyond the functionality of the Service.

5. Sub-processors

5.1 The Controller authorises the Processor to engage sub-processors.

5.2 The Processor shall ensure that sub-processors are subject to obligations equivalent to those set out in this DPA.

5.3 An up-to-date list of sub-processors is available at: www.fubi.dev/security

6. International Transfers

The Processor may transfer personal data outside the European Economic Area, provided that appropriate safeguards are implemented, including:

  • Standard Contractual Clauses (SCC), or

  • other lawful transfer mechanisms under GDPR.

7. Security and Personal Data Breaches

7.1 The Processor implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

7.2 In the event of a personal data breach, the Processor shall:

  • notify the Controller without undue delay,

  • provide reasonable assistance in addressing the incident.

8. Assistance to the Controller

The Processor shall provide reasonable assistance to the Controller in fulfilling its obligations under applicable data protection laws, including:

  • responding to requests from data subjects,

  • ensuring compliance with GDPR obligations.

9. Duration of Processing

Processing shall continue for the duration of the provision of the Service.

10. Deletion or Return of Data

Upon termination of the Service, the Processor shall:

  • delete personal data, or

  • return personal data to the Controller,

unless retention is required by applicable law.

Technical data and backups may be retained for a limited period where necessary for security or legal obligations.

11. Demonstration of Compliance

The Processor shall, upon reasonable request, make available to the Controller information necessary to demonstrate compliance with this DPA.

12. Final Provisions

12.1 This DPA shall be governed by the laws of the Czech Republic.

12.2 In the event of any conflict between this DPA and the Terms, this DPA shall prevail with respect to data protection matters.

12.3 This DPA becomes effective upon the Controller’s use of the Service.
