Edit Content
Get Started
Sing In
Sign In
Get Started
Edit Content
About Us
How it Work
Services
Join Us
FAQ
Blog
Contact Us

DATA PROCESSING AGREEMENT (DPA)

Last updated: October 10, 2025
Entity: World Delete LLC
FEI/EIN: 30-1251788
Registered Address: 4300 Biscayne Blvd, Suite 203, Miami, FL 33137, USA
Contact Email: legal@world-delete.com

1. Purpose and Scope

This Data Processing Agreement (DPA) (hereinafter, the “Agreement”) governs the processing of personal data performed by World Delete LLC (hereinafter, the “Processor”) on behalf of the Client (hereinafter, the “Controller”) during the provision of digital reputation, content removal, and data protection services.

This Agreement is entered into in compliance with:

  • Regulation (EU) 2016/679 (GDPR); and
  • Florida Digital Privacy Act (FDPA).

The Processor shall process personal data only upon documented instructions from the Controller and strictly for the execution of the main service contract

2. Duration

This Agreement remains in force for as long as the Processor processes personal data on behalf of the Controller under the main contractual relationship. Upon termination of such relationship, data will be deleted or returned as provided in Section 10.

3. Nature and Categories of Data

Processing may involve the following categories of data:

  • Identification data: name, address, email, phone number, ID or passport details.
  • Financial or billing data: payment information, transaction records.
  • Digital reputation data: URLs, articles, and online content linked to the client.
  • Technical data: IP addresses, metadata, and access logs.

KYC/AML verification data: facial images and official identity documents.

4. Processor’s Obligations (World Delete)

World Delete agrees to:

  1. Process data solely according to the Controller’s documented instructions.
  2. Ensure that all authorized personnel are bound by confidentiality agreements.
  3. Implement technical and organizational security measures in line with ISO 27001:2022 and ISO 9001:2015 standards.
  4. Assist the Controller in responding to data subject rights requests (access, rectification, erasure, restriction, portability, objection).
  5. Notify the Controller without undue delay of any personal data breach and cooperate in mitigation.
  6. Not engage sub-processors or transfer data without prior authorization from the Controller, except where legally required.
  7. Maintain an updated Record of Processing Activities (RoPA), available upon request by supervisory authorities.

5. Authorized Sub-Processors

The Controller expressly authorizes the following sub-processors for technical and operational purposes only:

Sub-Processor / Provider

Purpose of Processing

Location / Privacy Policy

Amazon Web Services (AWS)

Cloud infrastructure and hosting.

https://aws.amazon.com/privacy/

Contabo GmbH

Secondary hosting and data backup.

https://contabo.com/en/legal/impressum/

Cloudflare, Inc.

DDoS protection, CDN, and performance optimization.

https://www.cloudflare.com/privacypolicy/

Microsoft Corporation

Analytical tools (Clarity) and AI-based reputation analysis.

https://privacy.microsoft.com

Google LLC

Web analytics, Tag Manager, and advertising performance.

https://policies.google.com/privacy

Automattic Inc. (WordPress)

Content management system, plugins, and forms.

https://automattic.com/privacy/

Markets Prolive 360, S.L. (Didit.me)

KYC/AML verification and identity validation.

https://didit.me/privacy-policy

 

World Delete ensures that each sub-processor provides sufficient guarantees of compliance with data protection obligations equivalent to those contained in this Agreement.

6. International Data Transfers

Any transfer of personal data outside the European Economic Area (EEA) will be carried out under:

  • EU Standard Contractual Clauses (SCCs), or
  • Any other equivalent mechanism ensuring adequate data protection.

For providers based in the United States, World Delete verifies adherence to the EU–US Data Privacy Framework, where applicable.

7. Security Measures

World Delete maintains robust security measures consistent with its ISO 27001 and ISO 9001 certifications, including:

  • Encryption of data at rest and in transit (TLS 1.3 / AES-256).
  • Role-based access control and multifactor authentication.
  • Encrypted and redundant backups.
  • Internal audits and penetration testing by Netitude.
  • Continuous monitoring and access logging for critical systems.

8. Assistance to the Controller

World Delete shall assist the Controller in:

  • Handling data breaches and incident notifications.
  • Conducting Data Protection Impact Assessments (DPIAs).
  • Complying with regulatory inquiries or audits.

Costs arising from extraordinary or non-standard assistance may be invoiced upon prior written approval by the Controller.

9. Audits and Verifications

The Controller may request documentary verification or audit evidence of World Delete’s data protection measures. World Delete may provide ISO certificates, Netitude security reports, or equivalent compliance documentation as sufficient evidence. On-site audits must be scheduled at least 30 days in advance and conducted without interfering with operational security.

10. Return or Deletion of Data

Upon termination of the contract, World Delete will, at the Controller’s choice:

  • Securely delete all personal data processed, or
  • Return such data in a structured, commonly used, and machine-readable format.

Deletion will be executed using certified secure wipe methods (3-pass erase) in accordance with ISO 27040, and documented for audit purposes.

11. Confidentiality

All information and data to which World Delete has access under this Agreement shall be treated as strictly confidential. World Delete ensures that its employees and sub-processors are bound by confidentiality and non-disclosure obligations that survive the termination of this Agreement.

12. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of the State of Florida (USA), without prejudice to the mandatory provisions of the EU GDPR. Both parties agree to submit to the courts of Miami-Dade County, Florida, waiving any other jurisdiction. In case of conflict between language versions, the English version shall prevail.