Effective Date: December 31, 2024

This Addendum is incorporated by reference into the Terms of Service located at https://wickedfairytale.com/terms-of-service
 

1. Purpose

This Data Processing Addendum ("DPA") governs how Wicked FairyTale ("Processor") processes personal data on behalf of customers ("Controller") who are subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Roles of the Parties

- The Customer is the Data Controller.

- Wicked FairyTale is the Data Processor.

- The Customer determines the purposes and means of processing; Wicked FairyTale processes data only on behalf of and under the instructions of the Customer.

3. Nature of Data Processed

- Types of Data: Name, email, location, payment data (via third-party processor), and user interaction details.

- Special Categories: Wicked FairyTale does not knowingly collect special category data (e.g., health, religious belief) unless voluntarily provided.

4. Subject Matter and Duration

This DPA applies for the duration that the Controller uses Wicked FairyTale’s services and remains in effect until data is deleted or returned per Customer request.

5. Processing Instructions

Wicked FairyTale shall:

- Only process data as necessary to deliver services.

- Not sell, rent, or use Customer data for unauthorized purposes.

- Follow documented instructions unless required by law.

6. Security

We implement appropriate technical and organizational measures to ensure data security, including:

- Encryption of stored and transmitted data

- Secure login and access controls

- Regular audits and updates to protect user data

7. Subprocessors

We use trusted subprocessors (e.g., Podia, Stripe, MailerLite) to provide services. A current list of subprocessors is available upon request. We ensure all subprocessors adhere to GDPR standards.

8. Data Subject Rights

We will assist the Controller in responding to EU data subject requests (access, deletion, correction, etc.) within a reasonable time and in compliance with GDPR.

9. Data Transfers Outside the EU

If personal data is transferred outside the EU, such transfers will be governed by appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions recognized by the EU Commission.

10. Data Breach Notification

In the event of a personal data breach, Wicked FairyTale will notify the Controller without undue delay and provide information reasonably necessary to comply with GDPR.

11. Deletion or Return of Data

Upon termination of services, Wicked FairyTale will delete or return personal data at the Controller’s request unless otherwise required by law.

12. Contact

If you have GDPR-related questions or concerns:

📧 Email: help@wickedfairytale.com

📍 Mail: 113 Vera Court, Nicholasville, KY 40356 USA