Age Verification Required

This site provides educational resources about browser-based social casino game development. You must be at least 18 years old to access this content.

Please return when you meet the age requirement. This content is intended for adults only.
dorvix logo
dorvix

Data Processing Agreement

Last Updated: June 14, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between dorvix ("Processor") and the customer ("Controller") for the provision of browser-based social casino game creation services.

1. Definitions and Interpretation

In this Agreement, the following terms shall have the meanings set out below:

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • Data Subject: The individual to whom Personal Data relates.
  • Sub-processor: Any third party appointed by the Processor to process Personal Data on behalf of the Controller.
  • Services: The browser-based social casino game creation services provided by dorvix as described in the applicable agreement.

2. Scope and Applicability

This DPA applies to all Processing of Personal Data by the Processor on behalf of the Controller in connection with the Services. The Processor shall process Personal Data only as necessary to provide the Services and in accordance with the Controller's documented instructions.

The nature and purpose of Processing, types of Personal Data, and categories of Data Subjects are detailed in Appendix A of this Agreement.

3. Controller and Processor Obligations

3.1 Controller Instructions

The Processor shall process Personal Data only on documented instructions from the Controller, unless required to do so by applicable law. If the Processor believes an instruction infringes applicable data protection laws, it shall immediately inform the Controller.

3.2 Processor Obligations

The Processor shall:

  • Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Respect the conditions for engaging Sub-processors as set out in this Agreement.
  • Assist the Controller in responding to requests from Data Subjects exercising their rights.
  • Assist the Controller in ensuring compliance with security obligations, data breach notification, data protection impact assessments, and prior consultations with supervisory authorities.
  • Delete or return all Personal Data to the Controller at the end of the provision of Services, unless retention is required by law.
  • Make available to the Controller all information necessary to demonstrate compliance with this Agreement.

4. Security Measures

The Processor shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage, alteration, or disclosure. Such measures include:

  • Encryption of Personal Data in transit and at rest where appropriate.
  • Regular security assessments and penetration testing.
  • Access controls ensuring that only authorized personnel can access Personal Data.
  • Logging and monitoring of systems processing Personal Data.
  • Regular backup procedures and disaster recovery capabilities.
  • Security awareness training for personnel with access to Personal Data.

5. Sub-processing

5.1 Authorization

The Controller provides general authorization for the Processor to engage Sub-processors. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of Sub-processors, giving the Controller the opportunity to object to such changes within fourteen days of notification.

5.2 Sub-processor Requirements

Where the Processor engages a Sub-processor, the Processor shall:

  • Impose on the Sub-processor the same data protection obligations as set out in this DPA through a written contract.
  • Remain fully liable to the Controller for the performance of the Sub-processor's obligations.
  • Conduct appropriate due diligence to ensure the Sub-processor can provide sufficient guarantees regarding security and compliance.

5.3 Current Sub-processors

A list of current Sub-processors is available upon request by contacting help@dorvix.online.

6. Data Subject Rights

The Processor shall, to the extent legally permitted, promptly notify the Controller if it receives a request from a Data Subject to exercise their rights under applicable data protection laws. The Processor shall:

  • Provide reasonable assistance to enable the Controller to respond to such requests within required timeframes.
  • Not respond to such requests directly without the Controller's prior written authorization, except to confirm that the request relates to the Controller.
  • Implement appropriate technical measures to facilitate the Controller's compliance with Data Subject rights, including rights of access, rectification, erasure, restriction, portability, and objection.

7. Data Breach Notification

The Processor shall notify the Controller without undue delay and in any event within forty-eight hours of becoming aware of a Personal Data breach affecting the Controller's data. The notification shall include:

  • A description of the nature of the breach, including the categories and approximate number of Data Subjects and Personal Data records concerned.
  • The name and contact details of the data protection officer or other contact point for further information.
  • A description of the likely consequences of the breach.
  • A description of measures taken or proposed to address the breach and mitigate its possible adverse effects.

The Processor shall cooperate with the Controller and provide reasonable assistance in investigating and remediating the breach, and in fulfilling any obligation to report or inform Data Subjects of the breach.

8. Data Protection Impact Assessment and Prior Consultation

The Processor shall provide reasonable assistance to the Controller with data protection impact assessments and prior consultations with supervisory authorities, taking into account the nature of Processing and information available to the Processor.

9. Deletion and Return of Data

Upon termination or expiration of the Services, or upon the Controller's written request, the Processor shall:

  • Delete or return all Personal Data to the Controller, including copies, unless applicable law requires continued storage.
  • Certify in writing that it has complied with this obligation.
  • Require Sub-processors to delete or return Personal Data in accordance with the same requirements.

The Controller may specify the format and method for return of Personal Data. Deletion shall be performed in a secure manner that prevents recovery or reconstruction of the data.

10. Audit Rights

The Processor shall allow for and contribute to audits and inspections conducted by the Controller or an auditor mandated by the Controller, provided that:

  • The Controller provides reasonable advance notice of at least thirty days.
  • Audits are conducted during normal business hours and do not unreasonably interfere with the Processor's operations.
  • Audits do not occur more frequently than once per year unless required by a supervisory authority or in response to a data breach.
  • The Controller and its auditors execute a reasonable confidentiality agreement.
  • The Controller bears all costs associated with such audits unless the audit reveals material non-compliance by the Processor.

11. International Data Transfers

If Personal Data is transferred outside the jurisdiction where it was collected, the Processor shall ensure that:

  • Appropriate safeguards are in place as required by applicable data protection laws.
  • Standard contractual clauses, binding corporate rules, or other approved mechanisms are implemented where required.
  • The Controller is informed of the countries to which Personal Data may be transferred.

12. Records and Documentation

The Processor shall maintain complete and accurate records of all Processing activities carried out on behalf of the Controller, including:

  • Categories of Processing carried out on behalf of the Controller.
  • Details of transfers of Personal Data to third countries or international organizations.
  • A general description of technical and organizational security measures.

Such records shall be made available to supervisory authorities upon request.

13. Term and Termination

This DPA shall commence on the date of acceptance of the Terms of Service and shall continue for the duration of the Services. This DPA shall automatically terminate upon cessation of all Services involving the Processing of Personal Data, subject to the obligations regarding deletion or return of data as specified herein.

14. Limitation of Liability

Each party's liability under this DPA shall be subject to the limitations and exclusions of liability set out in the main Services agreement. Nothing in this DPA shall limit or exclude either party's liability for:

  • Death or personal injury caused by negligence.
  • Fraud or fraudulent misrepresentation.
  • Any other liability that cannot be limited or excluded by applicable law.

15. General Provisions

15.1 Order of Precedence

In the event of any conflict or inconsistency between this DPA and the Terms of Service, this DPA shall take precedence to the extent of such conflict or inconsistency in relation to the Processing of Personal Data.

15.2 Amendments

The Processor may update this DPA from time to time to reflect changes in data protection laws or Processing practices. Material changes will be communicated to the Controller with reasonable advance notice.

15.3 Severability

If any provision of this DPA is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid or unenforceable provision shall be replaced with a valid provision that most closely approximates the intent and economic effect of the invalid provision.

15.4 Waiver

No failure or delay by either party in exercising any right under this DPA shall constitute a waiver of that right.

Appendix A: Details of Processing

Nature and Purpose of Processing

Processing of Personal Data is necessary for the provision of browser-based social casino game creation services, including concept development, technical implementation of social casino mechanics, testing, deployment, and ongoing support.

Duration of Processing

Personal Data will be processed for the duration of the Services agreement and for such additional period as may be required by law or as specified in the data retention provisions of this DPA.

Types of Personal Data

  • Contact information (names, email addresses, phone numbers)
  • Account credentials and authentication data
  • Payment and billing information
  • Usage data and analytics
  • Technical data (IP addresses, browser information, device identifiers)
  • Communications and correspondence
  • Any other data provided by the Controller in connection with the Services

Categories of Data Subjects

  • Employees and representatives of the Controller
  • End users of games created through the Services
  • Prospective customers and business contacts
  • Third-party service providers engaged by the Controller

Contact Information

For questions or concerns regarding this Data Processing Agreement, please contact us:

dorvix
31b Manor Farm Rd
Southampton SO18 1NN
United Kingdom

Email: help@dorvix.online
Phone: +441752603607