By using this Website, you accept our Terms and Conditions and Privacy Notice

Data Processing Agreement

Effective January 1, 2024

This Data Processing Agreement (“DPA”), is incorporated into existing and currently valid Terms and conditions (the “Agreement”) either previously or concurrently made between you (together, with any subsidiaries and affiliated entities, collectively, “Customer”) and Koučingo laboratorija MB (together, with any subsidiaries and affiliated entities, collectively “GoBeyondBetter” or “Processor”) and sets forth additional terms that apply to the extent any information you provide to GoBeyondBetter pursuant to the Agreement includes Personal Data (as defined below). This DPA is effective as set forth in GoBeyondBetter’s Terms and conditions.

1. Defined Terms.
The following definitions are used in this DPA:
  • 1.1 "Authorised Personnel" means (a) GoBeyondBetter’s employees who have a need to know or otherwise access Personal Data for the purposes of performing applicable services; and (b) GoBeyondBetter’s contractors, agents, and auditors who have a need to know or otherwise access Personal Data to enable GoBeyondBetter to perform its obligations under the Agreement and this DPA, and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Data in accordance with the terms and conditions of this DPA.
  • 1.2 "Customer Data" means
  • means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by you or on your behalf as a Customer or a User through the Services or by or on behalf of your prospects, customers or other end users of the Services who access the Services for purposes of interacting with you and your users.
  • 1.3 “Data Protection Laws” means all applicable data protection, privacy and data security laws, as well as applicable regulations and formal directives intended by their nature to have the force of law, all as amended from time to time, including, without limitation, the EU Data Protection Laws.
  • 1.4 “Data Subject” means the individual or consumer to whom Personal Data relates.
  • 1.5 "EU Data Protection Laws” means GDPR together with any applicable implementing legislation or regulations, as well as European Union or Member State laws, as amended from time to time.
  • 1.6 “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.).
  • 1.7 “Personal Data” means any Customer Data relating to an identified or identifiable natural person that is Processed by GoBeyondBetter on behalf of Customer in connection with providing the Services to Customer, when such information is protected as “personal data” or “personal information” or a similar term under Data Protection Law(s).
  • 1.8 “Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
  • 1.9 “Security Breach” means a confirmed breach of GoBeyondBetter’s information security measures leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data covered by this DPA.
  • 1.10 "Services” means the services provided by GoBeyondBetter to you under the Agreement.
  • 1.11 “Website” means
  • “Standard Contractual Clauses” means the model clauses for the transfer of Personal Data to processors established in third countries approved by the European Commission, the approved version of which is set out in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and at link.
  • 1.12 The terms "Processor” and “Controller”, shall have the meanings given to them under the applicable Data Protection Law. Any capitalised terms herein that are not defined in this DPA shall have the meanings associated with them in the Agreement, and are hereby adopted by reference in this Agreement.
2. Processing and Transfer of Personal Data
Customer acknowledges and agrees that GoBeyondBetter is located in Lithuania, Europe.
  • 2.1 Customer Obligations. Customer is the Controller of Personal Data and shall (a) determine the purpose and essential means of the Processing of Personal Data in accordance with the Agreement; (b) be responsible for the accuracy of Personal Data; and (c) comply with its obligations under Data Protection Laws, including, when applicable, ensuring Customer has a lawful basis to collect Personal Data, providing Data Subjects with any required notices, and/or obtaining the Data Subject’s consent to process the Personal Data.
  • 2.2 GoBeyondBetter Obligations.GoBeyondBetter is the Processor of Personal Data and shall (a) Process Personal Data on Customer’s behalf in accordance with Customer’s written instructions (unless waived in a written requirement) provided during the term of this DPA, and (b) comply with its obligations under Data Protection Laws. A description of the processing of Personal Data intended to be carried out under this DPA is set out in Annex 1 attached hereto. The parties agree that the Agreement, including this DPA, together with Customer’s use of the Services in compliance with the Agreement, constitute Customer’s complete and final written instructions to GoBeyondBetter in relation to the Processing of Personal Data, and additional instructions outside the scope of these instructions shall require a prior written and mutually executed agreement between Customer and GoBeyondBetter. In the event GoBeyondBetter reasonably believes there is a conflict with any Data Protection Law and Customer’s instructions, GoBeyondBetter will inform Customer promptly and the parties shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
  • 2.3 Data Use. GoBeyondBetter shall not use of Personal Data, except for usage of Personal Data pursuant to Customer’s instructions, and as necessary to bring and defend claims, to comply with requirements of the legal process, to cooperate with regulatory authorities, and to exercise other similar permissible uses as expressly provided under Data Protection Laws.
  • 2.4 Location of Processing. The parties acknowledge and agree that Processing of Personal Data will occur in Germany, Europe and perhaps in other jurisdictions outside the residence of a Data Subject and Customer shall comply with all notice and consent requirements for such transfer and processing to the extent required by Data Protection Laws.
  • 2.5 Return or Destruction of Data. GoBeyondBetter shall return or securely destroy Personal Data, in accordance with Customer’s instructions, upon Customer’s request or upon termination of Customer’s account(s) unless Personal Data must be retained to comply with applicable law.
3. Sub-processors
  • 3.1 Sub-processor List. Customer consents to GoBeyondBetter’s use of the sub-processors set out in Annex 3 attached hereto. GoBeyondBetter may update its list of sub-processors from time to time, and shall make available any updates to such list here.
  • 3.2 Sub-processor Agreements. GoBeyondBetter shall enter into a written agreement with any such sub-processor containing data protection obligations that are at least as restrictive as its obligations in this DPA.
4. Customer Representation and Warranty
Customer represents and warrants on behalf of itself and its employees that the Personal Data provided to GoBeyondBetter for processing under the Agreement and this DPA is collected and/or validly obtained and utilised by Customer and its employees in compliance with all Data Protection Laws, including without limitation the disclosure, informed affirmative consent and targeted advertising provisions of Data Protection Laws, including without limitation Chapter II of the GDPR, and Customer shall defend, indemnify and hold harmless GoBeyondBetter from and against all loss, expense (including reasonable out-of-pocket attorneys’ fees and court costs), damage, or liability arising out of any claim arising out of a breach of this Section 4. .
5. Data Protection
  • 5.1 Data Security. GoBeyondBetter will utilise commercially reasonable efforts to protect the security, confidentiality, and integrity of the Personal Data transferred to it using reasonable administrative, physical, and technical safeguards. Notwithstanding the generality of the foregoing, GoBeyondBetter shall: (a) employ reasonable administrative, physical, and technical safeguards (including commercially reasonable safeguards against worms, Trojan horses, and other disabling or damaging codes) to afford protection of the Personal Data in accordance with Data Protection Laws as would be appropriate based on the nature of the Personal Data; (b) utilise commercially reasonable efforts to keep the Personal Data reasonably secure and in an encrypted form, and use industry standard security practices and systems applicable to the use of Personal Data to prevent, and take prompt and proper remedial action against unauthorised access, copying, modification, storage, reproduction, display, or distribution of Personal Data; and (c) cease to retain documents containing Personal Data, or remove the means by which Personal Data can be associated with particular individuals reasonably promptly after it is reasonable to assume that (i) the specified purposes are no longer being served by GoBeyondBetter’s retention of Personal Data, and (ii) retention is no longer necessary for legal or business purposes.
  • 5.2 Authorised Personnel. GoBeyondBetter shall ensure that Authorised Personnel have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality with obligations at least as restrictive as those contained in this DPA.
  • 5.3 Security Breaches. After confirmation of a Security Breach, (a) GoBeyondBetter will promptly: (i) notify Customer of the Security Breach; (ii) investigate the Security Breach; (iii) provide Customer with necessary details about the Security Breach as required by applicable law; and (iv) take reasonable actions to prevent a recurrence of the Security Breach; and (b) GoBeyondBetter agrees to cooperate in Customer’s handling of the matter by: (i) providing reasonable assistance with Customer’s investigation; and (ii) making available relevant records and other materials related to the Security Breach’s effects on Customer, as required to comply with Data Protection Laws.
6. Assistance
  • 6.1 Processor Assistance. Upon Customer's written request, GoBeyondBetter shall provide reasonable assistance to Customer as necessary in order to assist Customer with meeting its obligations under Data Protection Laws, including by providing information to Customer about GoBeyondBetter’s technical and organisational security measures, and as needed to complete data protection assessments.
  • 6.2 Data Subject Requests. GoBeyondBetter shall reasonably assist Customer with the fulfilment of Customer’s obligations to Data Subjects exercising rights afforded by Data Protection Laws, with respect to Personal Data in the event that Customer cannot act on such request without GoBeyondBetter’s assistance. If a Data Subject makes a request to GoBeyondBetter to exercise a right with respect to his or her Personal Data of which Customer is the Controller, GoBeyondBetter will promptly inform Customer of the request, and will advise the Data Subject to submit their request directly to Customer. Customer will be responsible for addressing such request.
7. Miscellaneous
  • 7.1 Conflict. In the event of any conflict or inconsistency between this DPA and Data Protection Laws, Data Protection Laws shall prevail. In the event of any conflict or inconsistency between the terms of this DPA and the terms of the Agreement, the terms of this DPA shall prevail solely to the extent that the subject matter concerns the Processing of Personal Data.
  • 7.2 Amendments. This DPA shall not be modified except in accordance with the “Changes” section of GoBeyondBetter’s Terms of Use or the terms set out in the Agreement for modification. To the extent that it is determined by any data protection authority that the Agreement or this DPA is insufficient to comply with Data Protection Laws or changes to Data Protection Laws, Customer and GoBeyondBetter agree to cooperate in good faith to amend the Agreement or this DPA or enter into further mutually agreeable data processing agreements in an effort to comply with all Data Protection Laws.
  • 7.3 Liability. Each Party’s liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the limitations of liability contained in the Agreement. For the avoidance of doubt, each reference herein to the “DPA” means this DPA including its exhibits and appendices.
  • 7.4 Entire Agreement. This DPA is without prejudice to the rights and obligations of the parties under the Agreement which shall continue to have full force and effect. This DPA, together with the Agreement, is the final, complete and exclusive agreement of the Parties with respect to the subject matter hereof and supersedes and merges all prior discussions and agreements between the parties with respect to such subject matter.

Exhibit A: Standard Contractual Clauses

This Annex forms part of the Standard Contractual Clauses

Annex 1
A. List of Parties
  • Data Exporter
    Data exporter is Customer.
    • Address: the Customer’s address set out in the Agreement.
    • Contact person’s (DPO and/or EU representative) name, position, and contact details: the Customer’s contact details as set out in the Agreement/order form.
    • Activities relevant to the data transferred under these Clauses: activities necessary to provide the Services described in the Agreement.
    • Signature and date: Customer is deemed to have signed this Annex I by accepting GoBeyondBetter’s Terms of Use.
  • Data Importer
    The data importer is GoBeyondBetter (Koučingo Laboratorija MB).
    • Address: Konarskio str. 28-37, LT-03127, Vilnius, Lithuania.
    • Contact person’s (DPO and/or EU representative) name, position, and contact details: Marius Pranauskas, CEO, hello[at]gobeyonbetter.com
  • Activities relevant to the data transferred under these Clauses: activities necessary to provide the Services described in the Agreement.
  • Signature and date: GoBeyondBetter is deemed to have signed this Annex 1 by accepting GoBeyondBetter’s Terms of Use
B. Description of Transfer
  • Categories of data subjects whose personal data is transferred
    Data exporter may submit Personal Data to GoBeyondBetter, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects: (i) the data exporter’s end-users including employees, contractors, representatives, business partners, collaborators, and customers, and (ii) persons with whom data exporter is scheduling appointments through use of data importer’s Services which may include its representatives, business partners, collaborators, customers, and potential customers.
  • Categories of personal data transferred
    Data exporter may submit Personal Data to GoBeyondBetter, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data: (a) First and last name; (b) Title; (c) Position; (d) Employer; (e) Contact information (company, email, phone, physical business address); (f) Connection data; (g) Localisation data; and (h) other data in an electronic form used by Customer in the context of the Services.
  • Sensitive data transferred (if applicable)
    None
  • The Frequency of the Transfer
    Continuous
  • Nature of the processing
    The processes may include collection, storage, retrieval, consultation, use, erasure or destruction, disclosure by transmission, dissemination, or otherwise making available data exporter’s data as necessary to provide the Services in accordance with the data exporter’s instructions, including related internal purposes (such as quality control, troubleshooting, product development, etc.).
  • Purpose(s) if the data transfer and further processing
    The objective of the processing of Personal Data by the data importer is the performance of the contractual services under the Agreement with the data exporter.
  • The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period.
    Personal data is retained for so long as is reasonably necessary to fulfil the purposes for which the data was collected, to perform our contractual and legal obligations, and for any applicable statute of limitations periods for the purposes of bringing and defending claims
    For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
    The subject matter and nature of the processing by sub-processors is as set out in Annex 3 to this DPA. The duration of the processing by sub-processors shall be for so long as data importer provides the Services under the Agreement to data exporter.
C. Competent Supervisory Authority

Lithuania STATE DATA PROTECTION INSPECTORATE (Valstybinė Duomenų apsaugos inspekcija)

Annex 2: Technical And Organisational Measures To Ensure The Security Of The Data
Processor will maintain reasonable administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of personal data transferred to Processor as described in this DPA.
Annex 3: Processor’s Sub-Processors
By entering into this DPA, the Customer has authorised the use of the listed Sub-processors found here.

Sub-Processor Name Permitted
Sub-Processor Activities
Data Protection Officer Contact Details Address Processing Location(s)
Google Analytics, internal collaboration,
and infrastructure
Web Intake Form 1600 Amphitheatre Parkway, Mountain View,
CA, 94043
California, USA
Zoom Video Communications, IncVideo conferencing toolZoom Privacy Statement 55 Almaden Blvd, Suite 600,
CA, 95113
San Jose, USA