Data Processing Agreement (DPA)

Last updated: 2026-03-25

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service and applies when Wantly processes personal data on behalf of the Customer.

1. Parties

This Agreement is entered into between:

Customer (the data controller)  

UAB “Wantly” (Wantly) (the data processor)  

2. Subject Matter

This Agreement governs the processing of personal data by Wantly on behalf of the Customer in connection with the provision of the Service.

3. Roles

For the purposes of GDPR:

– The Customer is the Data Controller  

– Wantly is the Data Processor  

The Customer determines the purposes and means of processing personal data.

4. Nature and Purpose of Processing

Wantly processes personal data to provide the Service, including:

– managing product and service catalogs  

– creating and sharing commercial proposals  

– tracking engagement and interactions  

– storing contracts and related documents  

– facilitating integrations (e.g. payments, communication tools)  

5. Categories of Data

Depending on Customer use, data may include:

– contact details (name, email, phone)  

– business information  

– proposal interaction data (behavior, engagement, scoring)  

– contract-related data  

– technical data (device, browser)  

6. Categories of Data Subjects

– Customer’s clients (B2B and/or B2C)  

– Customer’s employees or representatives  

7. Processor Obligations

Wantly shall:

– process personal data only on documented instructions from the Customer  

– ensure persons authorized to process data are bound by confidentiality  

– implement appropriate technical and organizational measures  

– assist the Customer in fulfilling GDPR obligations  

– notify the Customer of personal data breaches without undue delay  

– delete or return personal data upon termination (unless legally required to retain it)  

8. Sub-processors

Wantly uses trusted sub-processors, including:

– AWS (hosting)  

– HubSpot (CRM, email)  

– Intercom (communication)  

– Google (analytics)  

– Meta (advertising tools)  

– payment providers (Stripe, PayPal, Paysera)  

Wantly ensures that all sub-processors are bound by data protection obligations.

A current list of sub-processors is available upon request.

9. International Transfers

Where personal data is transferred outside the EEA, Wantly ensures appropriate safeguards, including:

– Standard Contractual Clauses (SCCs) approved by the European Commission  

10. Security Measures

Wantly implements appropriate technical and organizational measures, including:

– encryption in transit (HTTPS)  

– secure cloud infrastructure (AWS)  

– access controls and role-based permissions  

11. Assistance to Controller

Wantly shall assist the Customer in:

– responding to data subject requests  

– ensuring compliance with security obligations  

– conducting data protection impact assessments (where applicable)  

12. Audit

Upon reasonable request, Wantly may provide information necessary to demonstrate compliance with this Agreement.

13. Data Breach

In the event of a personal data breach, Wantly shall:

– notify the Customer without undue delay  

– provide the relevant information available  

14. Data Retention and Deletion

Upon termination of the Service:

– personal data shall be deleted or returned, unless retention is required by law  

15. Liability

Each party shall be responsible for its own compliance with applicable data protection laws.

16. Governing Law

This Agreement shall be governed by the laws of the Republic of Lithuania.

17. Contact

For data protection matters: privacy@wantly.eu