Data Processing Agreement (DPA)

Last update: 27/03/2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between TheNextLevel Studio OÜ (“MagicHow”, “Processor”, “we”, “us”) and the customer using the Service (“Customer”, “Controller”).

This DPA applies where MagicHow processes personal data on behalf of the Customer in connection with the provision of the Service.

1. Roles of the Parties

For the purposes of applicable data protection laws, including the General Data Protection Regulation:

  • The Customer acts as the data controller.
  • MagicHow acts as the data processor.

2. Scope and Purpose of Processing

MagicHow processes personal data solely to:

  • provide, operate, and maintain the Service.
  • support and improve the Service.
  • ensure security and prevent abuse.

Processing is carried out only in accordance with the Customer’s instructions, as reflected in the use of the Service, the Terms of Service and this DPA.

3. Types of Personal Data and Data Subjects

Depending on use of the Service, personal data may include:

  • account information (e.g., name, email address).
  • user-generated content.
  • technical and usage data (e.g., logs, device, interactions).

Data subjects may include:

  • Customer’s users.
  • individuals whose data appears in content processed through the Service.

4. Processor Obligations

MagicHow shall:

  • process personal data only on documented instructions from the Customer.
  • ensure confidentiality of personnel handling personal data.
  • implement appropriate technical and organizational measures.
  • not sell or use personal data for unrelated purposes.

5. Sub-processors

MagicHow may engage third-party service providers (“sub-processors”) to operate and support the Service, including:

  • cloud infrastructure providers (e.g., AWS).
  • analytics providers.
  • AI service providers (where applicable).

MagicHow ensures that sub-processors:

  • are subject to appropriate data protection obligations.
  • process personal data only on behalf of MagicHow.

6. Security Measures

MagicHow implements appropriate technical and organizational measures designed to protect personal data, including:

  • access controls.
  • encryption where appropriate.
  • monitoring and security safeguards.

7. Assistance with Data Subject Rights

Taking into account the nature of processing, MagicHow will provide reasonable assistance to the Customer in responding to data subject requests, including:

  • access.
  • correction.
  • deletion.
  • restriction or objection.

8. Data Breach Notification

MagicHow will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer data and will provide reasonable information to assist in mitigation and compliance.

9. Data Retention and Deletion

Upon termination of the Service:

  • personal data will be deleted or returned at the Customer’s request.
  • except where retention is required for legal, compliance, backup, or archival purposes.

10. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), MagicHow ensures that appropriate safeguards are in place in accordance with applicable data protection laws.

11. Liability

Each party’s liability under this DPA is subject to the limitations set out in the Terms of Service.

12. Updates to this DPA

MagicHow may update this DPA to reflect changes in the Service or applicable law. Updated versions will be published on this page.

13. Contact

For questions regarding this DPA or data processing: privacy@magichow.co