Nibbitt | Data Processing Addendum

1. Protection of Personal Data
When using Nibbitt, both parties collect and process information about individuals (e.g., profile visitors and individuals in your content). European laws, referred to as EU Data Protection Laws, govern and protect such data.

This Data Processing Addendum (DPA) applies if your use of Nibbitt is subject to EU Data Protection Laws. It supplements the Terms and takes precedence if there is any conflict.

2. Responsibilities
The roles and responsibilities under this DPA depend on whether either party acts as a controller or processor of personal data under EU Data Protection Laws.

As a controller, you or we decide the purpose and means of processing personal data.
As a processor, Nibbitt processes personal data on your behalf as a controller.

Controller and Processor Roles

Role	You (Controller)	Nibbitt (Controller/Processor)
Controller	Responsible for personal data in content you generate/post and Profile Data relating to profile visitors.	Processes Profile Data for purposes such as analytics, applying sensitive content warnings, and ensuring platform functionality.
Processor	N/A	Acts on your behalf for posting content, facilitating interactions, and implementing features like link-lock functionality.

3. Controller Services
Both parties have specific obligations under EU Data Protection Laws regarding the Controller Services:

Obligation	Nibbitt Responsibilities	Your Responsibilities
Legal Basis	Relies on legitimate interests for performing Controller Services.	Ensure a valid legal basis for your processing activities.
Providing Information	Details processing activities in its Privacy Notice.	Notify individuals of your data processing activities, including those facilitated by Nibbitt.
Data Subject Rights Requests	Addresses rights requests for data processed under Controller Services and assists you, upon request, with your compliance obligations.	Promptly forward rights requests or supervisory communications to Nibbitt (within 7 days) and provide reasonable assistance upon request.
Securing Profile Data	Implements technical and organizational measures to protect Profile Data.	Maintain secure credentials and avoid actions that could compromise data security.

4. Processor Services
You will fulfill your obligations as a controller, while Nibbitt will act as a processor, adhering to the following terms:

Process Data: Follows instructions and processes data solely for the Permitted Purpose.
Confidentiality: Ensures authorized personnel maintain confidentiality.
Data Security: Implements safeguards to protect against data breaches or unauthorized access.
Data Breaches: Notifies you promptly of confirmed breaches involving Profile Data.
Subprocessors: May engage third-party subprocessors while maintaining compliance with EU Data Protection Laws. You can object to a subprocessor for valid data protection concerns.
Termination: Deletes Profile Data upon account cancellation, except as required by law.
Compliance Verification: Provides documentation verifying compliance upon request.

5. International Data Transfers
Both parties will comply with EU Data Protection Laws for international data transfers. Transfers from the EEA or UK will be governed by the Data Transfer Addendum, which is incorporated into this DPA.

6. Definitions
Key terms like "controller," "processor," "personal data," and "data breach" have meanings consistent with EU Data Protection Laws. Additional definitions are provided in the Terms and the Data Transfer Addendum.