Data Processing Agreement (GDPR)

This Data Processing Agreement (“DPA”) accompanies the Evalato Terms of Service, available at, and is part of an agreement (“Agreement”) between you (“The User”) and Weemss Ltd, provider of Evalato software-as-a-service (“The Service”). Capitalized terms used in this Privacy Policy have the meanings given to them in the Terms of Service.

By using Evalato you consent to our Terms of Service, Privacy Policy, and Data Processing Agreement.

This DPA applies to The User of Evalato Software-as-a-Service provided by Weemss Ltd, as a subject to the General Data Protection Regulation (“GDPR”) or any equivalent data privacy legislations (“Applicable Data Protection Laws”), which requires Weemss Ltd to process Personal Data on behalf of The User. 

Herein The User shall also be referenced as “you” and “your”, and Weemss Ltd shall also be referenced as “we”, “us”, “our”, “Evalato” or “The Service”. The terms of this DPA are incorporated into the Evalato Terms of Service between you and Weemss Ltd. This DPA shall control in the event of a conflict between the Terms of Service and this DPA, or a conflict between this DPA and the Terms of Service between us and you.

1. Definitions

1.1 “Data Controller”, “Data Processor”, “processing” and “Personal Data” shall have the meanings ascribed to them in Applicable Data Protection Laws;
1.2 “Security Breach” shall mean any breach of security leading to accidental or unlawful loss, alteration, unauthorized disclosure or access to Personal Data transmitted, stored or processed;
1.3 “Security Measures” shall mean the security measures, both software and hardware, implemented by Weemss Ltd to protect Personal Data against accidental or unlawful loss, alteration, unauthorized disclosure or access to Personal Data transmitted, stored or processed.

2. Data processing

2.1 You are a Data Controller of the Personal Data provided by an individual who registers for or purchases goods and/or services (“The Customer”) from you through Evalato. You agree to process such Personal Data lawfully within the regulations set by Applicable Data Protection Laws.
2.2 We are a Data Processor on your behalf as part of The Service. This includes the parts of The Service where we facilitate the transmission of emails to The Customer, or provide reports and tools that give you valuable insights into the effectiveness of your marketing efforts.
2.3 The processing of Personal Data performed by Evalato under this DPA shall be as follows:
2.3.1 the subject of data processing shall be The Customer;
2.3.2 for the duration as set out in this DPA;
2.3.3 for the purpose of enabling you to manage and/or distribute goods and/or services using The Service; and
2.3.4 the data requested for processing shall be name and email address, as required by Evalato to function properly. Any additional Personal Data is processed if you request such from The Customer via the custom registration form fields provided by Evalato.
2.3.5 the Customer shall be asked to log-in using their Google, LinkedIn, or Facebook profile, in order for Evalato to access the name and email address associated with the corresponding social media profile for the purpose of registering the Customer’s public voting vote.

3. Data processing clauses

3.1 Whenever processing Personal Data on your behalf, we do so only for the purpose of providing The Service to you and for no other purpose, unless required to do otherwise by Applicable Data Protection Laws.
3.2 We hereby instruct The User, and The User agrees, to use data collected and processed through The Service lawfully according to all Applicable Data Protection Laws.
3.3 The User hereby instructs Weemss Ltd, and Weemss Ltd agrees, to process Personal Data only as necessary to perform the obligations of The Service under this DPA and for no other purpose.
3.4 We shall have in place Security Measures to protect the privacy of all Personal Data;
3.5 We shall notify you in the event of a Security Breach without undue delay;
3.6 We shall assist you with your obligations as a Data Controller in relation to Security Breach notification requirements;
3.7 We shall ensure that our personnel is subject to binding obligations of confidentiality with respect to Personal Data;
3.8 We shall make sure our sub-processors listed here (cloud computing company DigitalOcean Inc for data storage and SendGrid for email deliverability) process Personal Data lawfully according to all Applicable Data Protection Laws;
3.9 We shall delete a Customer’s Personal Data at The User’s request, or in the event that The Customer sends a Personal Data deletion request directly to Evalato, unless applicable law requires the storage of such Personal Data.
3.10 You shall be the sole owner of all data collected through Evalato, we will never disclose, share, or sell Personal Data or market to The Customer.
3.11 You consent that our sub-processors listed in section 3.8 can process Personal Data on our behalf as part of The Service.
3.12 You consent to us appointing additional and/or replacement sub-processors to process Personal Data on our behalf if necessary.
3.12.1 We shall give you prior notice of such appointments.
3.12.2 We shall give you the opportunity to object to such changes by contacting [email protected] within 14 days of being notified.
3.12.3 We shall review, respond to, and work to accommodate your objections, as long as these objections are determined to be reasonable and with sufficient supporting detail.
3.12.4 The objection shall be deemed invalid and we shall have no further obligations, if we do not view the objection as providing sufficient supporting detail.
3.13 You can withdraw your consent to this DPA at any time, by sending a request to [email protected] for the deletion of your Evalato account.
3.14 If you request the deletion of your Evalato account, you consent that you shall immediately pay us all amounts owed to Weemss Ltd for using The Service.