RN
Video Plugins

Data Processing Addendum

This Data Processing Addendum ("DPA") is entered into by and between the entity you represent ("Client," "You," or "Data Controller") and The Widlarz Group sp. z o.o. ("We," "Us," "Our," or "Data Processor").

This DPA is incorporated into and forms an integral part of our Terms of Service. It governs the processing of personal data submitted by you as a Data Controller in connection with your use of our Services.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "End-User Data" means the Personal Data of your end-users that we process on your behalf.
  • "Processing" means any operation performed on Personal Data, such as collection, storage, and analysis.
  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.
  • Other capitalized terms have the meanings set forth in the Terms of Service.

2. Processing of End-User Data

  • Roles of the Parties: With respect to End-User Data, you are the Data Controller and we are the Data Processor.
  • Controller's Instructions: We will process End-User Data only on your documented instructions. This DPA and the Terms of Service constitute your complete and final instructions to us.
  • Details of Processing:
    • Subject Matter: The provision of analytics services for the Software as described in the Terms of Service.
    • Duration: For the term of the Agreement between you and us.
    • Nature and Purpose: To collect, store, and analyze data to provide you with analytics, verify your license, and monitor the performance of the Software on your behalf.
    • Categories of Data Subjects: End-users of your mobile applications.
    • Types of Personal Data Processed:
      • Device and Application Identifiers: Device ID (e.g., identifierForVendor, ANDROID_ID), Application ID (e.g., bundleIdentifier, packageName).
      • Usage Data: API key, URLs of downloaded files, video metadata, download and impression statistics, storage information.
      • Technical Data: DRM information and associated HTTP headers.

3. Security Measures

We will implement and maintain appropriate technical and organizational measures designed to protect the security, confidentiality, and integrity of End-User Data, including measures to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes, where appropriate, measures such as encryption of data and ensuring access controls are in place.

4. Subprocessors

You provide a general authorization for us to engage third-party subprocessors to process End-User Data on your behalf. Our current subprocessors are listed in our Privacy Policy. We will notify you of any new subprocessor before authorizing them to process End-User Data, giving you an opportunity to object. We will ensure that our subprocessors are bound by data protection obligations at least as protective as those in this DPA.

5. International Data Transfers

We will only transfer End-User Data outside the European Economic Area (EEA) in compliance with the mechanisms detailed in our Privacy Policy, which currently include the EU-U.S. Data Privacy Framework (DPF) and/or the European Commission's Standard Contractual Clauses (SCCs).

6. Assistance to Controller

We will provide reasonable assistance to you in fulfilling your obligations under GDPR, including responding to data subject rights requests from your end-users and in notifying you of any data breach concerning End-User Data without undue delay.

7. Data Deletion

Upon termination of the Services, we will delete all End-User Data from our systems within a commercially reasonable period, unless applicable law requires its retention.

8. Audits

Upon your reasonable request, we will make available to you all information necessary to demonstrate our compliance with the obligations laid down in this DPA.

Last updated: 2025-07-23