Data Processing Agreement (DPA)

of the Website

www.vollwebstudio.co.uk

Updated 10.09.2025

This Data Processing Agreement (“Agreement”) forms part of any contract or service agreement between VOLL-IT LLC and its clients.

By entering into a contract with VOLL-IT LLC, the Client acknowledges and agrees that this DPA applies automatically unless both Parties expressly sign an alternative written data processing agreement.

1. Parties

Controller (the “Client”): [Client company details]

Processor: VOLL-IT LLC, registered in Ukraine with the following details:

  • Registered address: 03680, Kyiv, 2 Pshenicnha Street, Ukraine
  • Company code: 41579914
  • Email: [email protected]
  • Tax status: Corporate income tax payer on general grounds

2. Definitions

  • “Data Protection Laws” – UK GDPR, EU GDPR, the Data Protection Act 2018, and any other applicable data protection laws.
  • “Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject” – as defined in Data Protection Laws.
  • “Sub-processor” – any third party engaged by the Processor to process Personal Data.

3. Subject Matter and Duration

3.1 The Processor shall process Personal Data only as necessary to deliver services under the Main Agreement.

3.2 This Agreement remains effective for the duration of the Main Agreement and for a retention period of 1-12 months thereafter, unless longer retention is required by law.

4. Categories of Data and Data Subjects

  • Data subjects: clients, end users, employees, contractors.
  • Categories of data: name, surname, email, mobile, website address (if provided), IP address, cookies, analytics identifiers, and other personal data supplied by the Controller.

5. Purposes of Processing

The Processor shall process Personal Data solely for:

  • Communication and support
  • Provision of contracted services
  • Marketing and promotional activities (where lawful)
  • Analytics and performance improvement
  • Other lawful purposes expressly instructed in writing by the Controller

6. Legal Bases

Processing shall be based on:

  • Consent of the data subject (e.g., for marketing)
  • Contractual necessity (to deliver services)
  • Legitimate interests (where they do not override data subject rights)
  • Legal obligations (where required by law)

7. Processor Obligations

The Processor agrees to:

  1. a) Process data only on the Controller’s documented instructions.
  2. b) Ensure confidentiality of authorised staff.
  3. c) Implement appropriate technical and organisational measures, including encryption, access control, secure hosting, and regular backups.
  4. d) Notify the Controller without undue delay of any personal data breach.
  5. e) Assist the Controller with data subject rights requests (access, rectification, erasure, portability, restriction, objection).
  6. f) Maintain processing records as required by law.

8. Sub-processors

8.1 The Controller authorises the Processor to use sub-processors (e.g., hosting providers, analytics, advertising platforms).

8.2 The Processor shall ensure sub-processors are bound by equivalent obligations.

8.3 A current list of sub-processors shall be provided upon request.

9. International Data Transfers

Where data is transferred outside the UK/EEA, including to Ukraine, the Processor ensures appropriate safeguards are applied, such as:

  • Standard Contractual Clauses (SCCs) with the UK Addendum, or
  • Other legally recognised transfer mechanisms approved by the ICO or EU Commission.

10. Data Return and Deletion

Upon termination of the Main Agreement, the Processor shall, at the Controller’s choice:

  • Delete all Personal Data, or
  • Return all Personal Data and then delete copies, unless retention is required by law.

11. Audit Rights

The Controller may request reasonable evidence of compliance. If necessary, audits may be conducted with prior notice and subject to confidentiality.

12. Liability

Each Party is liable for its own breaches of this Agreement or applicable Data Protection Laws.

The Processor is not liable for processing carried out strictly in accordance with the Controller’s documented instructions.

13. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of Ukraine. Any disputes arising from or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of Ukraine.

For the avoidance of doubt, VOLL-IT LLC shall comply with applicable data protection laws, including the UK GDPR and EU GDPR, to the extent that they apply to the processing of personal data of UK or EU residents.