Effective Date: August 3, 2025
Last Updated: August 3, 2025

This Data Processing Agreement (“Agreement”) forms part of the Terms of Use between the User (the “Data Controller”) and Primavera LLC, located at 30 N Gould St Ste N, Sheridan, WY 82801, USA (the “Data Processor”).

This Agreement sets out the terms and conditions under which the Data Processor processes personal data on behalf of the Data Controller in accordance with Article 28 of the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

1. Subject Matter and Duration

The Data Processor shall process personal data solely for the purpose of providing services on the Verbaspark platform (verbaspark.com). This Agreement shall remain in force for as long as the Data Processor processes personal data on behalf of the Data Controller.

2. Nature and Purpose of Processing

The Data Processor will process personal data to enable:

• Creation and management of digital business cards, CVs, portfolios, products, and bookings

• Secure account access and user authentication

• Communication with users and visitors

• Analytics and performance monitoring

• E-commerce features including sales, payments (via Stripe), and invoicing

The Data Processor shall not process personal data for any other purpose unless explicitly instructed by the Data Controller in writing.

3. Types of Personal Data

The types of personal data processed include, but are not limited to:

• Name, surname

• Contact information (email, phone number, address)

• Profile image and biography

• Work experience and education details

• Uploaded media files (e.g., images, videos, documents)

• Payment-related data (processed by third parties such as Stripe)

•  

4. Categories of Data Subjects

The data subjects include:

• Registered users (individuals or businesses)

• Visitors to published digital cards, CVs, and public profiles

• Customers engaging in sales transactions via the platform

5. Obligations of the Data Processor

The Data Processor agrees to:

• Process data solely based on documented instructions from the Data Controller

• Ensure confidentiality of all personal data processed

• Implement appropriate technical and organizational measures to ensure data security

• Provide assistance to the Data Controller in fulfilling data subject rights (access, erasure, rectification, etc.)

• Notify the Data Controller without undue delay in the event of a personal data breach

• Maintain a record of processing activities as required under Article 30(2) GDPR

• Allow for and contribute to audits and inspections, conducted by the Data Controller or a designated auditor, upon reasonable notice

•  

6. Subprocessors

The Data Controller authorizes the use of the following subprocessors:

• Stripe, Inc. – for payment processing

• Amazon Web Services (AWS) – for secure cloud hosting

• Google Analytics – for site performance analysis

• Mailgun Technologies – for email delivery

All subprocessors shall be bound by the same data protection obligations as set out in this Agreement. The Data Processor shall remain fully liable for the performance of its subprocessors.

7. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), the Data Processor shall ensure that such transfers comply with Chapter V of the GDPR. Adequate safeguards such as Standard Contractual Clauses (SCCs) shall be used when required.

8. Return or Deletion of Data

Upon termination of services or upon the Data Controller’s request, the Data Processor shall delete or return all personal data unless otherwise required to retain it under applicable law.

9. Data Breach Notification

In the event of a personal data breach, the Data Processor shall notify the Data Controller without undue delay and provide all necessary information regarding the breach, including mitigation measures and possible consequences.

10. Liability and Indemnity

Each party shall be liable for the damages caused by its breach of this Agreement and/or the GDPR. The Data Processor shall indemnify the Data Controller against any losses, claims, or penalties resulting from its failure to comply with its obligations.

11. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of the United States of America (Wyoming), without prejudice to the mandatory consumer protection laws in the EU where applicable. Any disputes shall be subject to the exclusive jurisdiction of the courts of Sheridan, Wyoming, unless EU consumer law provides otherwise.

📩 Contact

If you have questions about this Data Processing Agreement, please contact:
Email: info@verbaspark.com
Company: Primavera LLC
Registered Address: 30 N Gould St Ste N, Sheridan, WY 82801, USA