Coming Soon

DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement (“Agreement”) is entered into between:

(1) Digital Artisan FZCO (“Data Processor”), provider of the WIFTT platform (“Product”), and
(2) Customer (“Data Controller”), a business using WIFTT to process personal data.

This Agreement forms part of the main Terms of Service between Digital Artisan FZCO and the Customer.

Updated On: 25/12/2025

1. Purpose

The purpose of this Agreement is to ensure that the processing of personal data by Digital Artisan FZCO on behalf of the Customer via WIFTT is compliant with:

  • GDPR (EU & UK) compliance
  • UAE Personal Data Protection Law (PDPL) compliance
  • WhatsApp Business / Meta Platform policies

This includes the collection, storage, and management of personal data, including leads obtained via Meta platforms (Instagram, Facebook, WhatsApp) only with user authorization.

2. Roles and Responsibilities

PartyRoleResponsibilities
CustomerData ControllerDetermines the purposes and means of processing personal data and ensures necessary consents are obtained from data subjects.
Digital Artisan FZCOData ProcessorProcesses personal data only on documented instructions from the Customer, maintains security, and assists the Customer in complying with GDPR, UAE PDPL, and applicable Meta policies.

3. Subject Matter of Processing

  • Collection, storage, and processing of leads from Meta platforms (WhatsApp, Instagram, Facebook)
  • Management of contact information and messages for marketing, automation, and CRM purposes
  • Storage, reporting, and analytics of collected data within WIFTT

4. Categories of Personal Data

  • Contact information: name, phone number, email
  • Social media identifiers (Instagram handle, Facebook ID, WhatsApp number)
  • Messages, comments, story replies, and engagement metadata
  • Usage and behavioral data related to interactions with WIFTT

5. Duration of Processing

  • Digital Artisan FZCO shall process personal data for the duration of the Customer’s subscription, unless a longer retention period is required by law.
  • Upon termination of the Customer’s account, Digital Artisan FZCO will delete or return personal data according to the Customer’s instructions.

6. Customer Instructions

  • WIFTT shall only process data according to the documented instructions of the Customer.
  • Any new processing beyond the documented instructions must be authorized in writing.

7. Data Subject Rights

  • Digital Artisan FZCO will assist the Customer in fulfilling data subject requests, including:
    • Access, rectification, and deletion of personal data
    • Portability of data
    • Objection to processing or restriction of processing
  • Requests will be handled within the timeframes required by GDPR and UAE PDPL.

8. Security Measures

Digital Artisan FZCO shall implement appropriate technical and organizational measures, including but not limited to:

  • Data encryption in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security monitoring, vulnerability management, and backups
  • Confidentiality obligations for all personnel handling personal data

9. Sub-Processors

  • Digital Artisan FZCO may engage sub-processors to provide services, including cloud hosting, analytics, and technical support.
  • A list of sub-processors is maintained and updated at [link/section].
  • Digital Artisan FZCO ensures that sub-processors comply with equivalent data protection obligations, including GDPR and UAE PDPL.

10. Data Breach Notification

  • Digital Artisan FZCO will notify the Customer without undue delay upon becoming aware of a personal data breach.
  • Notification will include relevant details and assistance to mitigate the breach, in compliance with GDPR and UAE PDPL.

11. International Data Transfers

  • Digital Artisan FZCO may transfer personal data outside the UAE or EEA.
  • Transfers will comply with applicable laws, including GDPR adequacy decisions, Standard Contractual Clauses (SCCs), and UAE PDPL requirements.

12. Liability

  • Digital Artisan FZCO is liable for damages resulting from a breach of its obligations as a Data Processor under GDPR, UAE PDPL, or Meta policies.
  • The Customer is responsible for obtaining consent from data subjects and ensuring lawful processing.

14. Termination

  • Upon termination of the Customer’s account, Digital Artisan FZCO shall, at the Customer’s choice:
    • Delete all personal data, or
    • Return all personal data in a structured, commonly used, machine-readable format.

15. Miscellaneous

  • This DPA is governed by the laws applicable to the main Terms of Service, including UAE PDPL where applicable.