Data Processing Agreement

Data Processing Agreement (DPA)

Last updated: April 21, 2024

This Data Processing Agreement (“Agreement”) forms part of the Terms and Conditions (“Principal Agreement”) between:

StylizeLab (“Company”, “We”, “Us”, “Our”)

Legal Entity: StylizeLab

Website: https://stylizelab.com

Contact: [email protected]

and

The User (“You”, “Your”),

who provides personal data at (or through) StylizeLab.com under the Principal Agreement.

1. Introduction

This Agreement reflects the parties’ agreement related to the processing of Personal Data in connection with the Company’s services provided under the Principal Agreement to align with applicable data protection laws, such as the General Data Protection Regulation (GDPR).

2. Definitions

Controller means the entity which determines the purposes and means of the Processing of Personal Data.

Processor means the entity which Processes Personal Data on behalf of the Controller.

Personal Data means any information relating to an identified or identifiable natural person.

Processing means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Subject means an identifiable natural person whose Personal Data is processed.

Authorized Sub-Processors has the meaning set forth in Section 5.

3. Processing of Personal Data

3.1 Role of the Parties:

  • The User is the Data Controller of the Personal Data, and the Company is the Data Processor of the Personal Data processed on behalf of the User in the scope of the services provided.

3.2 Subject Matter and Details of Processing:

  • The subject matter of Processing is limited to the Personal Data provided by the User to the Company through the StylizeLab.com website and its associated services.
  • The purpose of Processing Personal Data through the Company’s services is to manage user interactions, improve user experience, execute advertising services, and conduct analytical processes.

4. Obligations of the Processor

The Processor shall:

  • Process Personal Data only based on the documented instructions from the Controller as set out in this Agreement and consistent with the Principal Agreement unless required otherwise by applicable law.
  • Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage, alteration or disclosure.

5. Sub-Processing

The User consents to the Processor using the following Sub-Processors:

  • Google AdSense
  • Google Analytics
  • Pinterest Ads
  • Meta Ads (formerly Facebook Ads)

5.1 Engagement of Sub-Processors:

  • The Processor shall ensure that any Sub-Processors engaged by the Processor respect the same data protection obligations.
  • The Processor shall provide the User with notice of new Sub-Processors and give the User the opportunity to object to such changes.

6. Obligations of the Controller

The Controller shall:

  • Obtain all necessary consents or lawful basis for the Processing of Personal Data.
  • Provide accurate and up-to-date Personal Data to the Processor when necessary to fulfill the obligations laid forth in this Agreement.

7. Data Subject Rights

The Processor shall:

  • Assist the Controller with appropriate technical and organizational measures to fulfill the Controller’s obligations to respond to requests from Data Subjects to exercise their rights.
  • Notify the Controller promptly if any request regarding the Personal Data is received directly from the Data Subjects without responding to that request, unless instructed by the Controller to do so.

8. Data Breach Notification

The Processor shall:

  • Notify the Controller without undue delay after becoming aware of a Personal Data breach.
  • Assist the Controller in meeting its obligation under applicable data protection laws, including providing any information reasonably requested to fulfill data breach reporting obligations.

9. Data Retention

The Processor shall:

  • Retain Personal Data only for as long as necessary to fulfill legitimate business or legal purposes, and then securely dispose of Personal Data per the instructions, unless required otherwise by applicable law.

10. International Transfers

The Processor shall:

  • Ensure that any transfer of Personal Data outside the European Economic Area (EEA) is conducted following applicable data protection laws.
  • Implement adequate safeguards for the protection of Personal Data during international transfers.

11. Miscellaneous

11.1 Governing Law:

This Agreement shall be governed by and construed in accordance with the laws of the United States, specifically by the State of New Mexico.

11.2 Amendments:

Any modifications to this Agreement must be in writing and signed by authorized representatives of both parties.

11.3 Severability:

If any provision of this Agreement is held to be unenforceable or invalid, such provision shall be amended to the minimum extent necessary to make it enforceable or valid, and the remaining provisions shall continue in full force and effect.

12. Contact Information

If you have any questions about this Data Processing Agreement, You can contact us: