Data Processing Agreement (DPA)

Last Updated: October 27, 2025

This Data Processing Agreement (DPA) is part of the Terms & Conditions of Nihoner.com (“Nihoner”), operated by Edgar Yepremyan. It applies whenever Nihoner processes personal data of users in compliance with the General Data Protection Regulation (GDPR, EU 2016/679).


1) Roles

  • You (the user/customer): Data Controller (you decide which data is shared when using our services).
  • We (Nihoner.com): Data Processor (we store and process data on your behalf).

2) Types of Data Processed

  • Account data (name, email, username).
  • Payment data (billing address, payment method via third-party processors).
  • Learning progress data (lessons completed, scores, achievements).
  • Technical data (IP address, device/browser type, cookies, analytics).

3) Purpose of Processing

We process data solely for:

  • Delivering membership services and digital content.
  • Providing customer support.
  • Maintaining site security and performance.
  • Complying with tax, accounting, and legal obligations.

We do not sell or misuse your personal data.


4) Sub-Processors

We may use trusted third-party providers (“Sub-Processors”), including:

  • Payment gateways (e.g., Stripe, PayPal).
  • Hosting providers.
  • Analytics providers (Google Analytics, Consent Mode v2).
  • Email delivery services.

All Sub-Processors are bound by GDPR-compliant agreements.


5) Security Measures

We take appropriate technical and organizational measures, including:

  • SSL encryption of data in transit.
  • Secure password storage (hashed and salted).
  • Access control for staff and admins.
  • Regular monitoring and updates.

6) Data Subject Rights

Users may request:

  • Access to their data.
  • Correction or deletion of data.
  • Restriction of processing.
  • Data portability.

Requests must be sent to 📧 [email protected]. We respond within 30 days as required by GDPR.


7) Data Retention

  • Account data: kept as long as the user has an active account.
  • Payment data: kept for the legally required period (e.g., tax law: 5–10 years).
  • Learning data: kept until account deletion.
  • Backups: rotated regularly and deleted after use.

8) International Transfers

If data is transferred outside the EU/EEA, we ensure adequate protection under GDPR Chapter V (e.g., Standard Contractual Clauses, EU-US Data Privacy Framework).


9) Breach Notification

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by GDPR.


10) Governing Law

This DPA is governed by the laws of Poland. Any disputes shall be resolved in the courts of Warsaw, Poland.