Legal Center

Data Processing Agreement (DPA)

Last updated: March 6, 2026

← Back to Legal Center

Effective for New Customers: February 6, 2026
Effective for Existing Customers: March 11, 2026

Back to Legal Center

This Data Processing Agreement (“DPA”) forms part of and is incorporated by reference into the Master Services Agreement (“Agreement”) between you (“Customer” or “Controller”) and Sitewit Corp, a Florida corporation doing business as Kliken (“Kliken” or “Processor”).

This DPA applies only to the extent that Kliken processes Personal Data on Customer’s behalf as a Processor under Applicable Data Protection Law.

1. Definitions

  • Applicable Data Protection Law means GDPR, UK GDPR, Swiss Federal Act on Data Protection, and any other data protection law applicable to the processing of Personal Data under the Agreement.
  • Personal Data means any information relating to an identified or identifiable natural person processed by Kliken on behalf of Customer.
  • Subprocessor means any third party engaged by Kliken to process Personal Data on Customer’s behalf.

2. Details of Processing

  • Subject Matter: Provision of Kliken’s services, including advertising campaign creation, optimization, reporting, analytics, and customer support.
  • Duration: For the term of the Agreement and any lawful retention period.
  • Nature and Purpose: Processing necessary to provide, secure, maintain, and improve the Services.
  • Categories of Data Subjects: Customer’s authorized users, business contacts, and end users interacting with Customer’s advertising and properties.
  • Types of Personal Data: Identifiers, contact details, online identifiers, usage and analytics data, conversion and event data, and other data submitted by Customer.

Customer remains responsible for determining the purposes and means of processing and for ensuring a lawful basis for processing Personal Data.

3. Processing on Documented Instructions

Kliken shall process Personal Data only on documented instructions from Customer, including as necessary to provide the Services, unless required to do otherwise by applicable law.

4. Confidentiality

Kliken shall ensure that persons authorized to process Personal Data are subject to appropriate confidentiality obligations.

5. Security

Kliken shall implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

6. Subprocessors

6.1 General Authorization

Customer grants Kliken a general authorization to engage Subprocessors.

6.2 Subprocessor List

A current list of Subprocessors is maintained at: /subprocessors/.

6.3 Changes and Objection

Kliken will notify Customer of changes to Subprocessors. Customer may object on reasonable data protection grounds within 30 days of notice.

6.4 Subprocessor Obligations

Kliken shall impose data protection obligations on Subprocessors no less protective than those in this DPA.

7. Assistance

Kliken shall provide reasonable assistance to Customer in responding to data subject requests and fulfilling obligations relating to security, breach notifications, impact assessments, and regulatory consultations.

8. Personal Data Breaches

Kliken shall notify Customer without undue delay after becoming aware of a Personal Data Breach involving Personal Data processed on Customer’s behalf.

9. International Data Transfers

Personal Data may be processed in the United States or other jurisdictions where Kliken or its Subprocessors operate. Where required, transfers shall be governed by appropriate safeguards, including the EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, and/or Swiss-recognized transfer mechanisms.

10. Return and Deletion

Upon termination of the Services, Kliken shall delete or return Personal Data, except where retention is required by applicable law.

11. Compliance Information and Audits

Kliken shall make available information reasonably necessary to demonstrate compliance with this DPA. Any audit rights shall be exercised only where required by applicable law and subject to reasonable limitations.

12. Order of Precedence

In the event of conflict between this DPA and the Agreement, this DPA shall control solely with respect to data protection obligations.

13. Contact

Kliken (Processor)
Sitewit Corp (d/b/a Kliken)
4830 W. Kennedy Blvd., Tampa, FL 33609, USA
Email: privacy@kliken.com

EU / UK / Swiss Representative (Article 27 GDPR)

Kliken has appointed DataRep as its representative pursuant to Article 27 of the EU GDPR, Article 27 of the UK GDPR, and the Swiss Federal Act on Data Protection.

DataRep
77 Camden Street Lower
Dublin D02 XE80
Ireland
Email: kliken@datarep.com