Data Processing Agreement
Last Updated: December 17, 2025
This Data Processing Agreement ("DPA") forms part of the Terms of Service between welviro ("Company", "we", "us", or "our") and you ("Customer", "you", or "your") and governs the processing of personal data in connection with the services provided.
1. Definitions
For the purposes of this DPA:
- Personal Data means any information relating to an identified or identifiable natural person that is processed by the Company on behalf of the Customer.
- Processing means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- Controller means the entity that determines the purposes and means of Processing Personal Data.
- Processor means the entity that processes Personal Data on behalf of the Controller.
- Sub-processor means any third party engaged by the Processor to process Personal Data.
- Data Subject means the identified or identifiable natural person to whom Personal Data relates.
- Services means the online education platform and related services provided by the Company.
2. Scope and Applicability
This DPA applies to all Processing activities performed by the Company as a Processor on behalf of the Customer as a Controller in connection with the Services. The Customer acts as the Controller and determines the purposes and means of Processing. The Company acts as the Processor and processes Personal Data only on documented instructions from the Customer.
3. Roles and Responsibilities
3.1 Customer Responsibilities
The Customer shall:
- Ensure that it has all necessary rights and consents to provide Personal Data to the Company for Processing
- Provide clear and lawful instructions regarding the Processing of Personal Data
- Ensure compliance with applicable data protection laws in its capacity as Controller
- Respond to Data Subject requests and inquiries as required by law
- Maintain appropriate documentation of Processing activities
3.2 Company Responsibilities
The Company shall:
- Process Personal Data only on documented instructions from the Customer
- Ensure that persons authorized to process Personal Data are bound by confidentiality obligations
- Implement appropriate technical and organizational measures to protect Personal Data
- Assist the Customer in responding to Data Subject requests
- Notify the Customer without undue delay upon becoming aware of a personal data breach
- Delete or return Personal Data upon termination of Services, unless retention is required by law
4. Data Processing Details
4.1 Nature and Purpose of Processing
The Company processes Personal Data for the purpose of providing the Services, including:
- Account creation and management
- Course enrollment and delivery
- Progress tracking and certification
- Communication regarding Services
- Technical support and troubleshooting
- Service improvement and analytics
4.2 Types of Personal Data
The Company may process the following categories of Personal Data:
- Contact information (name, email address, phone number)
- Account credentials (username, encrypted password)
- Profile information (learning preferences, interests)
- Educational data (course progress, assignments, grades, certificates)
- Payment information (billing address, transaction history)
- Technical data (IP address, device information, browser type, usage logs)
- Communication data (support inquiries, feedback)
4.3 Categories of Data Subjects
Personal Data processed under this DPA relates to the following categories of Data Subjects:
- Students and learners using the Services
- Instructors and content creators
- Administrative personnel of Customer organizations
- Representatives and contacts of business customers
4.4 Duration of Processing
Personal Data will be processed for the duration of the Services agreement and thereafter in accordance with our data retention policies or as required by applicable law.
5. Sub-processors
5.1 Authorization
The Customer authorizes the Company to engage Sub-processors to assist in providing the Services. The Company shall ensure that Sub-processors are bound by written agreements that impose data protection obligations no less protective than those in this DPA.
5.2 Sub-processor List
The Company maintains a current list of Sub-processors engaged in Processing Personal Data. Sub-processors may include:
- Cloud infrastructure providers
- Content delivery networks
- Email service providers
- Payment processors
- Analytics and monitoring services
- Customer support platforms
5.3 Changes to Sub-processors
The Company will provide notice to the Customer of any intended changes concerning the addition or replacement of Sub-processors. The Customer may object to such changes within fourteen days of notification if there are reasonable grounds related to data protection. If the parties cannot resolve the objection, the Customer may terminate the affected Services.
6. Security Measures
6.1 Technical and Organizational Measures
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of Personal Data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Logging and monitoring of access to Personal Data
- Secure development practices and code reviews
- Regular backup and disaster recovery procedures
- Employee training on data protection and security
- Incident response and breach notification procedures
6.2 Security Standards
The Company maintains security practices designed to protect the confidentiality, integrity, and availability of Personal Data. Security measures are reviewed and updated regularly to address evolving threats and vulnerabilities.
7. Data Subject Rights
7.1 Assistance with Requests
The Company shall provide reasonable assistance to the Customer in fulfilling its obligations to respond to Data Subject requests, including:
- Access requests
- Rectification requests
- Erasure requests (right to be forgotten)
- Data portability requests
- Objection to processing
- Restriction of processing
7.2 Direct Requests
If the Company receives a request directly from a Data Subject regarding their Personal Data, the Company will promptly inform the Customer and will not respond to the request without the Customer's prior written consent, except where required by law.
8. Personal Data Breaches
8.1 Notification
The Company shall notify the Customer without undue delay after becoming aware of a personal data breach affecting Personal Data processed under this DPA. Notification will be made to the contact email address provided by the Customer.
8.2 Breach Information
The notification shall include, to the extent available:
- Description of the nature of the breach
- Categories and approximate number of Data Subjects affected
- Categories and approximate number of Personal Data records concerned
- Likely consequences of the breach
- Measures taken or proposed to address the breach and mitigate adverse effects
- Contact point for further information
8.3 Cooperation
The Company shall cooperate with the Customer and provide reasonable assistance in investigating and remediating the breach, and in fulfilling any obligations to notify supervisory authorities or Data Subjects as required by law.
9. Data Protection Impact Assessment and Prior Consultation
The Company shall provide reasonable assistance to the Customer in ensuring compliance with obligations relating to data protection impact assessments and prior consultation with supervisory authorities, taking into account the nature of Processing and information available to the Company.
10. Deletion and Return of Personal Data
10.1 Upon Termination
Upon termination or expiration of the Services agreement, the Company shall, at the Customer's choice, delete or return all Personal Data to the Customer, and delete existing copies unless storage of Personal Data is required by law.
10.2 Retention Exceptions
The Company may retain Personal Data to the extent required by applicable law or for legitimate business purposes such as:
- Compliance with legal obligations
- Resolution of disputes
- Enforcement of agreements
- Backup and disaster recovery purposes
Any retained Personal Data shall remain subject to the confidentiality and security obligations of this DPA.
11. Audits and Inspections
11.1 Audit Rights
The Company shall make available to the Customer information necessary to demonstrate compliance with the obligations in this DPA and allow for audits, including inspections, by the Customer or an auditor mandated by the Customer.
11.2 Audit Process
Audits shall be conducted:
- Upon reasonable prior written notice (not less than thirty days)
- During regular business hours
- No more than once per year unless there is a suspected breach
- In a manner that does not unreasonably interfere with business operations
- Subject to reasonable confidentiality obligations
11.3 Audit Costs
The Customer shall bear the costs of any audits or inspections unless the audit reveals material non-compliance with this DPA, in which case the Company shall bear reasonable costs.
12. International Data Transfers
12.1 Transfer Mechanisms
If the Company processes Personal Data in territories outside the Customer's jurisdiction, the Company shall ensure that appropriate safeguards are in place, which may include:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions by competent authorities
- Binding corporate rules
- Other legally recognized transfer mechanisms
12.2 Transfer Documentation
The Company shall provide documentation evidencing compliance with applicable requirements for international transfers of Personal Data upon reasonable request.
13. Instructions
13.1 Documented Instructions
The Company shall process Personal Data only on documented instructions from the Customer. This DPA and the Terms of Service constitute the Customer's complete instructions regarding Processing as of the effective date.
13.2 Additional Instructions
The Customer may issue additional written instructions that are consistent with the terms of this DPA and the Services agreement. If the Company believes an instruction violates applicable data protection law, it shall promptly inform the Customer.
13.3 Unlawful Instructions
The Company reserves the right to refuse to comply with instructions that it reasonably believes would violate applicable law. The Company shall notify the Customer of its refusal unless prohibited by law.
14. Confidentiality
14.1 Employee Obligations
The Company shall ensure that all employees, contractors, and other personnel who have access to Personal Data are informed of the confidential nature of the Personal Data and have committed to confidentiality obligations or are under appropriate statutory obligations of confidentiality.
14.2 Ongoing Confidentiality
Confidentiality obligations shall survive termination of this DPA and continue for so long as the information remains confidential.
15. Liability and Indemnification
15.1 Liability Allocation
Each party's liability under this DPA shall be subject to the limitations and exclusions of liability set forth in the Services agreement, except where prohibited by applicable data protection law.
15.2 Chain of Liability
Where the Company is liable to the Customer for damages caused by a Sub-processor, the Company shall be liable for the acts and omissions of such Sub-processor to the same extent as if such acts or omissions had been committed by the Company.
16. Term and Termination
16.1 Effective Period
This DPA shall commence on the date the Customer first uses the Services and shall remain in effect until termination of the Services agreement.
16.2 Survival
The following provisions shall survive termination: confidentiality obligations, deletion and return of Personal Data, liability provisions, and any other provisions that by their nature should survive.
17. Governing Law and Dispute Resolution
This DPA shall be governed by and construed in accordance with the same governing law and dispute resolution provisions as specified in the Services agreement, except where mandatory data protection law requires otherwise.
18. Order of Precedence
In the event of any conflict or inconsistency between the provisions of this DPA and the Terms of Service, the provisions of this DPA shall prevail to the extent of such conflict or inconsistency with respect to the Processing of Personal Data.
19. Amendments
The Company may amend this DPA from time to time to reflect changes in data protection laws, industry standards, or business practices. Material changes will be communicated to the Customer with reasonable advance notice. Continued use of the Services after such changes constitutes acceptance of the amended DPA.
20. Severability
If any provision of this DPA is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The parties shall replace the invalid or unenforceable provision with a valid and enforceable provision that achieves the original intent to the greatest extent possible.
21. Contact Information
For questions or concerns regarding this Data Processing Agreement, please contact us:
welviro
2 Eyre St Hill, Holborn
London EC1R 5ET
United Kingdom
Email: contact@welviro.online
Phone: +441782823957
Appendix: Processing Details Summary
| Element | Description |
|---|---|
| Subject Matter | Provision of online education services for social casino game development |
| Duration | Term of Services agreement plus retention period |
| Nature of Processing | Collection, storage, use, analysis, transmission, deletion |
| Purpose | Service delivery, account management, support, analytics |
| Personal Data Categories | Contact, account, educational, payment, technical data |
| Data Subject Categories | Students, instructors, administrators, business contacts |
This Data Processing Agreement is effective as of the date you first access or use our Services and is incorporated into our Terms of Service.