WinGuardian.net
Legal Center
Legal & Compliance

Data Processing Agreement (DPA)

Last updated 2026-04-30·3 min read

1. Definitions

"Controller" means the entity which determines the purposes and means of the processing of Personal Data.

"Processor" means the entity which processes Personal Data on behalf of the Controller.

"Data Subject" means the identified or identifiable natural person to whom the Personal Data relates.

"Personal Data" means any information relating to an identified or identifiable natural person.

"Sub-processor" means any third party (including natural persons engaged as independent contractors) appointed by WNGUARDIAN.NET LLC to process Personal Data on behalf of the Controller in connection with the services.

2. Scope and Duration

This Data Processing Agreement ("DPA") applies to the processing of Personal Data by WNGUARDIAN.NET LLC ("Processor") on behalf of the Client ("Controller") in the course of providing services under the Master Services Agreement or Terms of Service. This DPA remains in effect for the duration of the service agreement.

3. Processing of Personal Data

The Processor shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by applicable law. The subject matter, nature, and purpose of the processing are described in the applicable Statement of Work (SOW) or Service Agreement.

4. Confidentiality

The Processor ensures that persons authorized to process the Personal Data — including employees, officers, and independent contractors (whether engaged under a 1099 arrangement or otherwise) — have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

5. Security Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymization, and regular testing of security effectiveness.

6. Sub-processors

The Controller authorizes WNGUARDIAN.NET LLC to engage Sub-processors to assist in providing the services. For the purposes of this DPA, Sub-processors include: (a) third-party service providers engaged by WNGUARDIAN.NET LLC under a vendor or supplier relationship; and (b) independent contractors engaged by WNGUARDIAN.NET LLC on a 1099 basis who are assigned to work on Client projects and who, in the course of that work, may access or process Personal Data belonging to the Controller.

WNGUARDIAN.NET LLC shall inform the Controller of any intended changes concerning the addition or replacement of Sub-processors, thereby giving the Controller a reasonable opportunity to object to such changes. Where WNGUARDIAN.NET LLC engages a Sub-processor, the same data protection obligations as set out in this DPA — including confidentiality, security, and data subject rights obligations — shall be imposed on that Sub-processor by contract. WNGUARDIAN.NET LLC remains liable to the Controller for the performance of Sub-processor obligations under this DPA.

A current list of Sub-processors used in connection with the services is available upon written request to legal@winguardian.net.

7. Data Subject Rights

The Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the data subject's rights under applicable data protection laws (e.g., GDPR, CCPA).

8. Data Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data breach. The notification shall describe the nature of the breach, the categories and approximate number of data subjects concerned, and the likely consequences of the breach.

9. Audit Rights

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

10. Return or Deletion of Data

At the choice of the Controller, the Processor shall delete or return all the Personal Data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless applicable law requires storage of the Personal Data.

Back to Legal Center

WNGUARDIAN.NET LLC