GET STARTED

Data Processing Agreement (DPA)

Effective Date: September 11, 2025
Website: https://onmotiq.com
Processor: The Online Motion L.L.C-FZ (“Onmotiq”)
Registered Office: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.

1. Purpose of This Agreement

This DPA outlines the terms under which Onmotiq (the “Processor”) processes personal data on behalf of its clients (the “Controller”) in connection with digital marketing and web development services. It ensures compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Nature and Scope of Processing

Type of Data Processed:

  • Contact information (e.g., names, email addresses, phone numbers)

  • Website or form data submitted by users

  • Advertising and tracking performance data

Purpose of Processing:

  • Running paid marketing campaigns (Google Ads, Meta Ads, etc.)

  • Generating qualified leads

  • Building websites with integrated forms and analytics

  • Managing communications and follow-ups

3. Duration of Processing

Personal data will only be processed during the course of the service agreement and will be deleted or returned upon termination unless legal obligations require otherwise.

4. Obligations of the Processor (Onmotiq)

Onmotiq shall:

  • Only process data on documented instructions from the Controller

  • Ensure confidentiality and train any personnel who access the data

  • Implement appropriate technical and organizational security measures

  • Not subcontract data processing without prior notice, except for authorized tools (see Section 6)

5. Obligations of the Controller (Client)

The Controller is responsible for:

  • Ensuring lawful collection and sharing of data with Onmotiq

  • Informing data subjects about their data rights and this arrangement

  • Keeping a lawful basis for processing (e.g., consent)

6. Subprocessors

Onmotiq may use the following third-party services to process data securely:

SubprocessorPurposeLocation
Google WorkspaceEmail, documentsEU/US
HubSpotCRM and lead formsEU/US
CalendlyMeeting scheduling & lead captureUS
Meta (Facebook/IG)Ad platformGlobal
Google Ads/AnalyticsAds & trackingGlobal

All subprocessors are GDPR-compliant and use Standard Contractual Clauses (SCCs) where applicable.

7. Security Measures

Onmotiq implements:

  • Access controls and secure password policies

  • HTTPS encryption

  • Regular monitoring of tools and plugins

  • Data minimization principles (only collecting what’s needed)

8. Data Subject Rights

Onmotiq will assist the Controller in fulfilling their GDPR obligations, including:

  • Responding to requests for access, rectification, or deletion of personal data

  • Informing data subjects of breaches if applicable

9. Breach Notification

In case of a data breach affecting personal data, Onmotiq will inform the Controller within 48 hours of becoming aware, including:

  • Nature of the breach

  • Categories and number of data subjects affected

  • Mitigation steps taken

10. Data Transfers

Where data is transferred outside the EEA, Onmotiq ensures safeguards such as:

  • Hosting in compliant data centers

  • Use of SCCs with subprocessors

11. Termination and Data Return

Upon service termination:

  • All client data will be deleted from Onmotiq’s systems within 30 days, unless required to retain by law

  • Backups and archives will be cleared within 90 days

12. Governing Law

This DPA shall be governed by and construed in accordance with the laws of the United Arab Emirates, unless otherwise agreed in writing.

13. Contact Information

The Online Motion L.L.C-FZ
Meydan Grandstand, 6th floor
Meydan Road, Nad Al Sheba, Dubai, U.A.E.
info@onmotiq.com
 +971 52 380 5320