Data Processing Agreement 

1. Introduction

This Data Processing Agreement ("Agreement") is entered into between Be Limitless FZ-LLC ("Data Controller") and the undersigned Data Processor, in accordance with the United Arab Emirates Personal Data Protection Law (Federal Decree Law No. 45 of 2021, hereinafter 'PDPL'), governing the protection and processing of personal data.

2. Definitions

- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data, such as collection, use, storage, or erasure.
- Data Controller: The party that determines the purpose and means of processing personal data.
- Data Processor: The party that processes personal data on behalf of the Data Controller.

3. Purpose and Scope

This DPA applies to the processing of personal data for the provision of digital education services, subscription management, customer support, and related operations by the Data Processor.

4. Obligations of the Data Processor

The Data Processor agrees to:
- Process personal data only on documented instructions from the Data Controller;
- Ensure personnel confidentiality;
- Implement technical and organizational security measures;
- Notify the Data Controller of any personal data breach without undue delay;
- Cooperate in fulfilling data subject rights;
- Delete or return personal data upon contract termination;
- Not engage sub-processors without prior written authorization.

5. Obligations of the Data Controller

The Data Controller will:
- Provide clear and lawful processing instructions;
- Ensure the lawfulness of processing and legal basis;
- Respond to data subjects' requests in accordance with GDPR.

6. Sub-Processors

The Data Processor may not subcontract processing activities without prior written approval from the Data Controller. Approved sub-processors shall be contractually bound by obligations equivalent to this DPA.

7. Security Measures

The Data Processor shall implement industry-standard security measures, including encryption, access control, pseudonymization, and disaster recovery protocols.

8. Data Subject Rights

The Data Processor shall promptly assist the Data Controller in responding to data subject requests, including access, rectification, erasure, restriction, portability, and objection.

9. Breach Notification

Any personal data breach must be reported to the Data Controller immediately upon becoming aware, with relevant details and remediation efforts.

10. Audit and Inspection

The Data Controller or a designated auditor may, upon reasonable notice, audit the Data Processor’s compliance with this DPA during normal business hours.

11. Liability and Indemnification

Both parties shall remain liable for damages resulting from their own breach of applicable data protection laws. The Data Processor shall indemnify the Controller for losses caused by unauthorized processing.

12. Governing Law

This DPA shall be governed by the laws of the United Arab Emirates. Any disputes shall be resolved by the courts of Ras Al Khaimah.

13. Contact

For data protection-related inquiries:
General: info@startwithftp.com
Support: support@startwithftp.com
Complaints: complaints@startwithftp.com

 

Last edited:
24 May, 2025