This Data Processing Addendum ("DPA") forms a part of the Customer Terms of Service found at https://fibery.io/terms-of-service - unless the Customer has entered into a superseding written master agreement with Fibery Limited ("Fibery"), in which case, it forms a part of such written agreement (in either case, the "Agreement"). By signing the DPA, the Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its Controller Affiliates (defined below). For the purposes of this DPA only, and except where indicated otherwise, the term "Customer" shall include Customer Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. In the course of providing the Services under the Agreement, Fibery may Process certain Personal Data (such terms defined below) on behalf of the Customer, and where Fibery Processes such Personal Data on behalf of the Customer, the Parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data. The Parties agree that in the event of any conflict between the Agreement and this Addendum, the provisions of this Addendum shall control.
This Addendum will not apply to the processing of Customer Personal Data where such processing is not regulated by EU Data Protection Laws. If Data Protection Laws outside the European Economic Area, Switzerland, or the United Kingdom apply to either Party's processing of Customer Personal Data, the Parties acknowledge and agree that the relevant Party will comply with any obligations applicable to it under those laws with respect to such processing.
NOW, THEREFORE, in consideration of the mutual agreements set forth in this document and for other good and valuable consideration, the receipt and sufficiency of which the Parties both acknowledge, the Parties agree as follows:
Capitalized terms used but not defined in this DPA have the meanings given elsewhere in the applicable Agreement. In this DPA, unless stated otherwise:
"Additional Products" means products, services and applications that are not part of the Services but that may be accessible via user interface or otherwise, for use with the Services.
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
"Amendment Effective Date" means the date on which Customer clicked to accept or the parties otherwise agreed to this DPA in respect of the applicable Agreement.
"Controller" means the entity which determines the purposes and means of the Processing of Personal Data.
"Controller Affiliate" means any of Customer's Affiliate(s)
"Customer Personal Data" means personal data contained within the Customer Data.
"Data Protection Laws" means all laws and regulations, including laws and binding regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
"Data Subject" means the identified or identifiable person to whom Personal Data relates.
"EU Data Protection Laws" means all laws and regulations of the European Union, the European Economic Area, their member states, and the United Kingdom, applicable to the processing of Personal Data under the Agreement, including (where applicable) the GDPR;
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
"Data Protection Officer (DPO)" means the individual appointed by Fibery under Article 37 GDPR, contactable at gdpr@fibery.io.
"Personal Data" means any Customer Data that relates to an identified or identifiable natural person, to the extent that such information is protected as personal data under applicable Data Protection Laws.
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Processor" means the entity which Processes Personal Data on behalf of the Controller.
"Security, Privacy and Architecture Documentation" means Fibery's documentation describing its technical and organizational security measures, as updated from time to time and made available to Customer upon request or via the Service.
"Standard Contractual Clauses" means the standard data-protection clauses adopted by the European Commission under Decision (EU) 2021/914 of 4 June 2021 (Module Two – Controller to Processor), as reproduced in Exhibit D of this DPA. These Clauses are incorporated by reference and form part of this DPA. Where required under applicable Data-Protection Laws, the Parties shall execute or otherwise be deemed to have executed the Standard Contractual Clauses, which have been pre-signed by Fibery Ltd as the data importer.
"Sub-Processor" means any entity engaged by Fibery or its affiliates to Process Personal Data in connection with the Services.
"Supervisory Authority" means an independent public authority which is established by an EU Member State pursuant to the GDPR.
"Term" means the period from the Amendment Effective Date until the end of Fibery's provision of the Services under the applicable Agreement, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Fibery may continue providing the Services for transitional purposes.
The terms "personal data", "data subject", "processing", "controller", "processor" and "supervisory authority" as used in this DPA have the meanings given in the GDPR, and the terms "data importer" and "data exporter" have the meanings given in the Standard Contractual Clauses, in each case irrespective of whether EU Data Protection Laws or other Data Protection Laws apply.
The Parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, Fibery is the Processor and that Fibery or its Affiliates will engage Sub-Processors pursuant to the requirements set forth in Section 4 below. List of sub-processors is provided in Exhibit B.
If the EU Data Protection Laws apply to the processing of Customer Personal Data and Customer is a processor, Customer warrants to Fibery that Customer's instructions and actions with respect to that Customer Personal Data, including its appointment of Fibery as another processor, have been authorized by the relevant Controller.
Customer shall, in its use of the Services and provision of instructions, Process Personal Data in accordance with the requirements of applicable Data Protection Laws. For the avoidance of doubt, Customer's instructions for the Processing of Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data, and the means by which Customer acquired Personal Data.
As the Customer's Processor, Fibery shall only Process Personal Data for the following purposes:
(individually and collectively, the "Purpose").
Fibery acts on behalf of and on the instructions of the Customer in carrying out the Purpose. Fibery does not use Customer Personal Data for training or improving machine-learning models unless expressly authorized in writing by the Customer. AI-related Sub-Processors process only pseudonymized or non-personal data and do not receive Customer end-user authentication credentials or direct database access.
The subject-matter of Processing of Personal Data by Fibery is as described in the Purpose in Section 2.3. The nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Exhibit A (Description of Processing Activities) to this DPA.
This DPA will take effect on the Amendment Effective Date and, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Customer Data by Fibery as described in this DPA.
Fibery shall, to the extent legally permitted, promptly notify Customer if Fibery receives any request from a Data Subject to exercise the following rights in relation to Personal Data: access, rectification, restriction of Processing, erasure ("right to be forgotten"), data portability, objection to Processing, or the right not to be subject to automated individual decision-making (each, a "Data Subject Request"). Taking into account the nature of the Processing, Fibery shall assist Customer by appropriate technical and organizational measures, insofar as possible, to enable Customer to fulfil its obligations to respond to such Data Subject Requests under applicable Data Protection Laws. To the extent the Customer, in its use of the Services, does not have the technical ability to address a Data Subject Request, Fibery shall, upon Customer's request, provide commercially reasonable assistance to support Customer's response, to the extent Fibery is legally permitted to do so and such response is required under applicable Data Protection Laws. Fibery will provide such standard assistance through the existing functionality of the Services at no additional charge. Where the Customer requests assistance that is extraordinary, highly resource-intensive, or requires custom or non-standard work, Fibery may charge the Customer reasonable fees for such assistance, provided that (i) such work is not required due to any breach or security incident caused by Fibery, and (ii) the Customer has approved such fees in writing in advance.
Fibery will, in a manner consistent with the functionality of the Service or per request, enable Customer to access, rectify, and restrict processing of Customer Personal Data.
With respect to the Personal Data under this DPA, Fibery warrants that it will:
Customer acknowledges and agrees that:
In either case, Customer agrees to enter into the Standard Contractual Clauses where necessary and acknowledges that Sub-processors may be appointed by Fibery in accordance with Clause 11 of the Standard Contractual Clauses.
A current and continuously updated list of Sub-Processors engaged by Fibery for the Services, including their identities, purposes of processing, and locations, is maintained online at: Sub-Processor List. Fibery will update this Sub-Processor List whenever a new Sub-Processor is engaged or an existing one is replaced, and will provide notice to Customer (for example, by email or through the Service interface) before the new Sub-Processor begins processing Customer Personal Data.
Customer may reasonably object to Fibery using a new Sub-processor (e.g., if making Personal Data available to the Sub-processor may violate applicable Data Protection Law or weaken the protections for such Personal Data) by notifying Fibery promptly in writing within ten (10) business days after receipt of Fibery notice in accordance with the mechanism set out in Section 4.2. Such notice shall explain the reasonable grounds for the objection. In the event Customer objects to a new Sub-processor, as permitted in the preceding sentence, Fibery will use commercially reasonable efforts to make available to Customer a change in the Service or recommend a commercially reasonable change to Customer's configuration or use of the Services to avoid Processing of Personal Data by the objected new Sub-processor without unreasonably burdening Customer. If Fibery is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, either party may terminate without penalty the applicable Service which cannot be provided by Fibery without the use of the objected new Customer any prepaid fees covering the remainder of the term of Service following the effective date of termination, without imposing a penalty for such termination on the Customer.
Fibery shall be liable for the acts and omissions of its Sub-Processors to the same extent Fibery would be liable if performing the Services of each Sub-Processor directly under the terms of this DPA.
Upon Customer request, Fibery shall provide Customer with reasonable cooperation and assistance needed to fulfill Customer's obligation under the GDPR to carry out a data protection impact assessment related to Customer use of the Service, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Fibery. Fibery will provide reasonable standard assistance and existing documentation for such assessments at no additional charge as part of its ordinary compliance support. Where the Customer requests assistance that is extraordinary, highly resource-intensive, or requires the creation of custom or non-standard documentation or the engagement of external resources, Fibery may charge the Customer reasonable fees for such work, provided that (i) such assistance is not required as a result of any breach or security incident caused by Fibery, and (ii) the Customer has approved those fees in writing in advance. Fibery shall provide, upon reasonable request, all necessary documentation (e.g., penetration testing results, technical design descriptions, and security certifications) to support Customer's Data Protection Impact Assessments and Transfer Impact Assessments.
Subject to Section 6.2 (Deferred Deletion), on expiry of the applicable Service, Customer instructs Fibery to delete all Customer Data (including existing copies) from Fibery systems in accordance with applicable law. Fibery will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage of this Customer Data. Without prejudice to Section 9.1 (Access; Rectification; Restricted Processing; Portability), Customer acknowledges and agrees that Customer will be responsible for exporting, before the applicable Service expires, any Customer Data it wishes to retain afterwards.
To the extent any Customer Data covered by the deletion instruction described in Section 6.1 (Deletion on Service Expiry) is also processed, when the applicable Service under Section 6.1 expires, in relation to an Agreement with a continuing Service, such a deletion instruction will only take effect with respect to such Customer Data when the continuing Service expires. For clarity, this DPA will continue to apply to such Customer Data until its deletion by Fibery.
Upon expiration of the Term as well as during the Term of the Agreement, Fibery will provide Customer with access to export Customer Personal Data from the Service.
Customer acknowledges that Fibery Ltd is established within the European Union (Cyprus). For customers based in the EEA (others upon request), Fibery stores Service Data in Amazon Web Services (AWS) EU-Central (Frankfurt, Germany). Fibery may store limited identifying information about a Customer's instance (such as organization ID and configuration metadata) in other AWS regions for operational purposes; such metadata never includes end-user content. Details of hosting and Sub-Processors are set out in Exhibit B.
Fibery shall, to the extent permitted by law, notify Customer without undue delay and, where feasible, not later than 72 hours after Fibery or any Sub-Processor becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information, to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
Fibery shall cooperate with the Customer and take reasonable commercial steps to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
Fibery shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality, and integrity of Customer Data, as set forth in the Security, Privacy and Architecture Documentation. Fibery regularly monitors compliance with these measures and will provide the Customer with supporting documentation, such as audit information, where applicable. Fibery will not materially decrease the overall security of the Service during a Service subscription term. Additional information is provided in the Standard Contractual Clauses. Fibery takes reasonable steps to ensure that only authorized personnel have access to such Personal Data and that any persons whom it authorizes to have access to the Personal Data are under obligations of confidentiality. Upon Customer request, Fibery shall provide a current SOC 2 Type II report certificate summary covering the Services, and a bridge letter where applicable, under confidentiality.
gdpr@fibery.io
Fibery Limited
28 Oktovriou, 2, Flat/Office 101
Egkomi, Makedonitissa, 2414
Nicosia, Cyprus
Fibery shall make available to the Customer, upon request, all information necessary to demonstrate compliance with this DPA and applicable Data Protection Laws, and shall allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer in relation to the Processing of Customer Personal Data.
Fibery maintains an independent SOC 2 Type II audit of its information-security controls on an annual basis, performed by an accredited external auditor under AICPA standards. The audit window runs approximately from 28 September of each calendar year to 27 September of the following year, with the final report typically issued within 90 days following the audit period. A summary or bridge letter of the current SOC 2 Type II report will be made available to Customers under a non-disclosure agreement upon written request.
The transferred personal data concerns the following categories of data subjects: the Data Exporter's end users including employees and contractors; the personnel of the Data Exporter's customers, suppliers and subcontractors.
The transferred personal data concerns the following categories of data: personal data submitted, stored or sent by the Data Exporter or its end users via the Services including identification and contact data (name, address, title, email, userID); employment details where provided (employer, job title); IT information (IP addresses, usage data, cookies data).
None
The transferred personal data will be processed in accordance with the Agreement and may be subject to the following processing activities:
List of current Fibery Sub-Processors as of the Effective Date:
| Core Services Sub-Processors (providing infrastructure hosting or processing significant amount of Customer Personal Data) | ||||
|---|---|---|---|---|
| Sub-processor Name | Purpose of processing | Entity Type | Location of processing | SCC /DPA |
| Amazon Web Services EMEA SARL | Data storage and processing – main hosting provider | Sub-Processor | Germany* | Available |
| SendGrid | Email Delivery for On-Demand Service | Sub-Processor | United States of America | Available |
| Sub-processor Name | Purpose of processing | Entity Type | Location of processing | SCC/DPA |
|---|---|---|---|---|
| Intercom R&D Unlimited Company | Customer support communication (chat and email) | Sub-Processor | Ireland | Available for US entity |
| Tuesday | Data enrichment | Sub-Processor | United States | Available |
| Anthropic, PBC | Fibery AI: Clustering | Sub-Processor | United States | Available |
| Deepgram, Inc | Fibery AI: Transcribing audio files | Sub-Processor | United States | Available |
| OpenAI LLC | Fibery AI: general services | Sub-Processor | United States | Available |
| Pinecone Systems, Inc | Fibery AI: storing embeddings | Sub-Processor | United States | Available |
| Sentry | Application Performance Monitoring & Error Tracking | Sub-Processor | United States | Available |
| PayPal Braintree | Credit card payments | Sub-Processor | United States | Available |
| CHARGEBEE INC | Subscriptions and credits management | Sub-Processor | Ireland | Not applicable |
| Elasticsearch AS | Used for keeping company logs | Sub-Processor | Norway | Not applicable |
| Tableau International, U.C | Visualize Product Trends and Metrics | Sub-Processor | Ireland | Available |
| Fibery, Inc | Customer support, Sales, HQ | Affiliate | United States | Model Contractual Clauses |
* For customers based in the United States (per request), Fibery stores Services Data in the Amazon US data centers. Fibery may store in all data centers identifying information about Customer's instance of the applicable Services only.
The present document supplements the Data Processing Agreement (DPA) between Client and Contractor pursuant to Art 28 GDPR (EU General Data Protection Regulation).
The technical and organisational measures having place in Fibery:
| Physical Access Control | |
|---|---|
| No unauthorised access to data processing systems | Office space: Access via key / RFID chip AWS data centre (Frankfurt): https://aws.amazon.com/compliance/iso-27001-faqs/ |
| System Access Control | |
|---|---|
| No unauthorised system usage |
|
| Data Access Control | |
|---|---|
| No unauthorised reading, copying, modification or removal within the system | Authorisation concepts are updated once a year. Changes and authorisations to the IT system are documented in the ticket system |
| Data Separation Control | |
|---|---|
| Separate processing of data collected for different purposes |
|
| Transfer control | |
|---|---|
| No unauthorised reading, copying, modification or removal during electronic transmission or transport |
|
| Input control | |
|---|---|
| Determining whether and by whom personal data has been entered, modified or removed from data processing systems |
|
| Availability Control | |
|---|---|
|
| Rapid Recovery & Restore | |
|---|---|
| Restoration from backup and system recovery is carried out as required and documented in the ticket system. |
| Organisational Control | |
|---|---|
| Data protection management |
|
| Privacy-friendly Default Settings | |
|---|---|
| (Art. 25 para. 2 GDPR) |
|
| Order Controls | |
|---|---|
| No commissioned data processing within the meaning of Art. 28 GDPR without corresponding instructions from the client, e.g: clear contract design, formalised order management, strict selection of the service provider, obligation to convince in advance, follow-up checks. |
No commissioned data processing within the meaning of Art. 28 GDPR without corresponding instructions from the client, e.g: clear contract design, formalised order management, strict selection of the service provider, obligation to convince in advance, follow-up checks.
(Commission Implementing Decision (EU) 2021/914 of 4 June 2021, Module Two)
1.1 These Standard Contractual Clauses ("SCCs") are entered into between:
(a) Data Exporter (Controller): Customer, as identified in the DPA; and
(b) Data Importer (Processor): Fibery Ltd, 28 Oktovriou 2, Office 101, Egkomi, Makedonitissa, 2414 Nicosia, Cyprus.
1.2 Together, the parties are referred to as the "Parties."
1.3 Capitalized terms not defined herein have the meanings given in the Data Processing Addendum ("DPA").
2.1 These Clauses form part of and are incorporated into the DPA.
2.2 They apply only to the extent Fibery Ltd, established in Cyprus (EU), transfers Customer Personal Data to any Sub-Processor or affiliate located in a country outside the EEA, Switzerland, or the United Kingdom that does not ensure an adequate level of protection within the meaning of Article 45 GDPR.
2.3 Fibery Ltd performs the majority of processing activities within the EEA; these Clauses therefore primarily govern onward transfers of Customer Personal Data to approved Sub-Processors or personnel located outside the EEA (e.g., the United States).
3.1 The Parties agree to be bound by the SCCs under Module Two (Controller → Processor) of Commission Implementing Decision (EU) 2021/914.
3.2 The mandatory text of the SCCs (Sections I–IV) is incorporated herein by reference and supplemented by Annexes I–IV below.
| Role | Party | Address | Contact Details |
|---|---|---|---|
| Data Exporter (Controller) | Customer (as identified in the DPA or Order Form) | ? | ? |
| Data Importer (Processor) | Fibery Ltd | 28 Oktovriou 2, Office 101, Egkomi, Makedonitissa, 2414 Nicosia, Cyprus | privacy@fibery.io |
Activities relevant to the data transferred: The Data Importer provides the Fibery collaboration and knowledge-management platform and related support services under the Agreement, which involves processing of Customer Personal Data as described below.
| Category | Description |
|---|---|
| Data Subjects | Users authorized by the Customer to access or use the Fibery Service (e.g., employees, contractors, consultants, or other natural persons acting on behalf of the Customer), as well as personnel of the Customer's own customers, suppliers, or other business contacts whose information may be included in Customer Data. |
| Categories of Personal Data | Identification and contact data (name, business email, title, company name, job role), account credentials and authentication data, usage and activity logs, support correspondence, and metadata associated with content or work items created, uploaded, or managed in the Fibery platform. |
| Special Categories of Data | None intentionally collected or required by Fibery. Customer may choose to include such data in its own discretion, in which case it remains solely responsible for ensuring a lawful basis and appropriate safeguards. |
| Frequency of Transfer | Continuous and on-demand, as necessary for provision and operation of the Services. |
| Nature and Purpose of Processing | Hosting, storage, structuring, and transmission of Customer Data; enabling collaboration and productivity features of the Fibery platform; providing support, troubleshooting, and service improvements; implementing security monitoring and backup; and other processing necessary to perform the Services under the Agreement. |
| Retention Period | For the duration of the Agreement and up to 180 days after termination, unless a longer period is required by law or agreed for specific archival or dispute-resolution purposes. |
| Subject-Matter of Processing | Processing of Customer Personal Data necessary for the performance of the Fibery Service, technical maintenance, and customer support. |
| Competent Supervisory Authority (overview) | The competent authority of the EU Member State in which the Data Exporter (Customer) is established. |
For the purposes of Clause 13 of the Standard Contractual Clauses:
Fibery Ltd ("Data Importer") maintains a comprehensive information-security and privacy program designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. All measures are implemented in accordance with:
The program is reviewed annually, supported by management oversight, and continuously improved based on risk assessments and audits.
The following controls apply to all processing of Customer Personal Data performed by Fibery Ltd and its authorized Sub-Processors.
(pursuant to Clause 9 of the Standard Contractual Clauses)
Fibery Ltd engages the following Sub-Processors to assist in the provision of the Services and the Processing of Customer Personal Data. Each Sub-Processor is bound by a written agreement containing data-protection obligations providing a level of protection no less stringent than those set forth in this DPA and the Standard Contractual Clauses.
(providing infrastructure hosting or processing a significant amount of Customer Personal Data)
| Sub-Processor Name | Purpose of Processing | Entity Type | Location of Processing | SCC / DPA Status |
|---|---|---|---|---|
| Amazon Web Services EMEA SARL | Data storage and processing – main hosting provider | Sub-Processor | Germany (EU-Central, Frankfurt) * | Available |
| SendGrid (Twilio Inc.) | Email delivery for on-demand service | Sub-Processor | United States | Available |
(providing supporting or internal processing of limited or ancillary Customer Personal Data)
| Sub-Processor Name | Purpose of Processing | Entity Type | Location of Processing | SCC / DPA Status |
|---|---|---|---|---|
| Intercom R&D Unlimited Company | Customer support communications (chat and email) | Sub-Processor | Ireland (EEA) / United States entity | Available |
| Tuesday Inc. | Data enrichment services | Sub-Processor | United States | Available |
| Anthropic PBC | Fibery AI – clustering and text analysis | Sub-Processor | United States | Available |
| Deepgram Inc. | Fibery AI – audio transcription | Sub-Processor | United States | Available |
| OpenAI LLC | Fibery AI – general AI services | Sub-Processor | United States | Available |
| Pinecone Systems Inc. | Fibery AI – vector embeddings storage | Sub-Processor | United States | Available |
| Sentry (Issues IO Inc.) | Application performance monitoring and error tracking | Sub-Processor | United States | Available |
| PayPal Braintree | Credit-card payment processing | Sub-Processor | United States | Available |
| CHARGEBEE Inc. | Subscription and credits management | Sub-Processor | Ireland (EEA) | Not Applicable |
| Elasticsearch AS | Logging and system monitoring | Sub-Processor | Norway (EEA) | Not Applicable |
| Tableau International U.C. | Product analytics and metrics visualization | Sub-Processor | Ireland (EEA) | Available |
| Fibery Inc. | Customer support, sales and corporate HQ activities (affiliate) | Affiliate | United States | SCCs in place (Module Three) |
* For customers based in the United States (on request), Fibery may use AWS US data centres. Identifying metadata (e.g., instance ID or configuration) may be stored globally but never includes end-user content.
All Sub-Processors located outside the EEA, Switzerland or the United Kingdom are bound by appropriate transfer safeguards in accordance with Article 46 GDPR, including execution of the Standard Contractual Clauses (Module Three – Processor → Processor) or equivalent lawful mechanisms.
Fibery Ltd ensures that:
These Clauses shall be governed by the law of the EU Member State in which the Data Exporter is established. Where the Data Exporter is not established within the EU, these Clauses shall be governed by the law of the Republic of Cyprus, being the Member State in which the Data Importer (Fibery Ltd) is established. The chosen law shall permit the recognition and enforcement of third-party beneficiary rights.
Any dispute arising from or in connection with these Clauses shall be resolved by the courts of the EU Member State whose law is chosen under Clause 17. Where the Data Exporter is not established in the EU, the Parties agree that any such dispute shall be brought before the competent courts of the Republic of Cyprus. The Parties consent to the jurisdiction of those courts and waive any objection based on lack of personal jurisdiction or forum non conveniens.
By signing the DPA, the Parties are deemed to have executed these Standard Contractual Clauses, including Annexes I-IV.
| For the Data Exporter (Controller) | For the Data Importer (Processor) |
|---|---|
| Name: | Name: Fibery Ltd |
| Title: | Title: Vadim Gaidukevich, Director |
| Signature: _________________________ | Signature: _________________________ |
| Date: | Date: |
Date of document last update: November 2025