DATA PROCESSING AGREEMENT (DPA)

Consai Web Agency FZ-LLC
Effective Date: 06 April 2026

1. Parties

This Data Processing Agreement (“DPA”) is entered into between:

Controller (Client)
The customer engaging services from Consai

and

Processor
Consai Web Agency FZ-LLC
Ras Al Khaimah Economic Zone (RAKEZ), UAE

2. Purpose

This DPA governs the processing of personal data in connection with services provided by Consai.

3. Scope of Processing

Consai processes personal data solely for:

• Delivery of agreed services
• System operations (AI, CRM, automation)
• Technical support and maintenance

4. Types of Personal Data

Depending on the project, data may include:

• Names
• Email addresses
• Phone numbers
• Business data
• User behavior data
• Technical identifiers (IP, device data)

5. Categories of Data Subjects

• Clients
• Employees of the client
• End-users / customers
• Website visitors

6. Obligations of the Controller (Client)

The Client shall:

• Ensure lawful collection of data
• Provide clear privacy notices
• Obtain necessary consents
• Comply with GDPR / UAE PDPL

7. Obligations of the Processor (Consai)

Consai agrees to:

• Process data only on documented instructions
• Ensure confidentiality of all data
• Implement appropriate technical and organizational measures
• Assist the Controller in compliance obligations

8. Confidentiality

All persons authorized to process data:

• Are bound by confidentiality obligations
• Are trained in data protection practices

9. Security Measures

Consai implements:

• Encryption (SSL / HTTPS)
• Access control systems
• Secure infrastructure
• Data minimization
• Regular system audits

10. Subprocessors

Consai may use subprocessors such as:

• Cloud providers
• Hosting services
• Analytics tools
• CRM platforms

Conditions:

• Subprocessors must meet GDPR/UAE standards
• Client may request a list of subprocessors

11. International Data Transfers

Data may be transferred:

• Between UAE and EU
• To approved service providers

Safeguards include:

• Standard contractual clauses
• Adequate data protection measures

12. Data Retention

Data is retained:

• Only as long as necessary
• According to contractual obligations
• In compliance with legal requirements

13. Data Subject Rights

Consai supports the Client in handling:

• Access requests
• Data deletion
• Corrections
• Objections

14. Data Breach Notification

In case of a data breach:

• Consai will notify the Client without undue delay
• Provide relevant information
• Assist in mitigation

15. Audit Rights

The Client may request:

• Proof of compliance
• Security documentation

16. Liability

• Each party is responsible for its own compliance
• Consai is not liable for:
  • Client misuse of data
  • Illegal data collection by Client

17. Term & Termination

This DPA:

• Remains valid during service engagement
• Ends when services terminate

Upon termination:

• Data is deleted or returned upon request

18. Governing Law

This Agreement is governed by:

• Laws of Ras Al Khaimah
• Applicable UAE Federal Laws
• GDPR (where applicable)

19. Priority

In case of conflict:

This DPA overrides other agreements regarding data protection

20. Contact

Consai Web Agency FZ-LLC
RAKEZ, United Arab Emirates

Email: info@consaiagency.com