GDPR

This GDPR data processing agreement explains how personal data is handled on Webinarum when you host events and work with attendees. Webinarum is an informational website for the MyOwnConference webinar platform, operated by Akovana UAB. Registration, user accounts, and webinar rooms are provided through the MyOwnConference platform at myownconference.com. By using the platform as a Client, you agree to these processing terms.

§ 1. Definitions

1. Controller. The Registered User as defined in the Terms of Service for Webinarum, and this agreement is an attachment to those Terms.

2. Processor. Akovana UAB, the owner and operator of the Webinarum informational website and the MyOwnConference webinar platform, as defined in the Terms of Service, and this agreement is an attachment to those Terms.

3. Agreement. This data processing agreement sets the rules for how personal data is processed on behalf of the Controller. Any capitalized terms not defined here have the meaning given in the Terms of Service for Webinarum.

§ 2. Scope and roles

1.1. The Controller confirms that it controls the personal data of Guests described in Attachment A below, and this data is referred to as Personal Data.

1.2. The parties confirm that they have entered into the Website Use Agreement, also called the Cooperation Agreement. To provide the Cooperation Agreement, the Processor must process Personal Data for the Controller.

1.3. Under this Agreement, the Controller instructs the Processor to process Personal Data under GDPR, within the scope listed in Attachment A, and only to perform the Cooperation Agreement.

1.4. The Processor confirms that it understands GDPR and will comply with it, including by implementing appropriate technical and organizational safeguards to protect individualsʼ rights.

1.5. The Processor is authorized to carry out the processing operations listed in Attachment B below.

1.6. The Processor will not appoint a sub processor without the Controllerʼs written consent. If the consent is general, the Processor will notify the Controller at least 21 days before adding or replacing a sub processor. If the Controller does not approve in writing by that date, the Processor will treat this as no consent.

1.7. When consent is given, the Processor may use a sub processor only under an agreement that provides protections at least as strict as this Agreement and GDPR.

1.8. If a sub processor fails to meet its obligations, the Processor remains fully responsible to the Controller for that sub processorʼs compliance.

1.9. The Processor supports the Controller in meeting data subject rights under this Agreement, GDPR, and applicable European Union and Lithuanian law.

1.10. The Processor informs the Controller that certain sub processors may handle Guestsʼ Personal Data in order to provide the service, and the Controller agrees to this arrangement subject to the consent rules above.

1.11. Where transfers to the United States are required, the Processor relies on valid transfer mechanisms recognized under EU law, including the Trans Atlantic Data Privacy Framework where applicable.

1.12. The Controller is responsible for the following.

1.12.1. Meeting all obligations that data protection law places on the Controller toward data subjects. 1.12.2. Deciding what Personal Data is processed and for what purpose. 1.12.3. Bearing the consequences of failing to meet those obligations, including any recourse claims brought by the Processor.

§ 3. Processing obligations

2.1. The Processor will not process Personal Data for any purpose outside this Agreement, except where EU or Lithuanian law requires it.

2.2. The Processor will process Personal Data and assist the Controller in line with GDPR and other applicable European Union and Lithuanian data protection rules.

2.3. The Processor follows these principles.

2.3.1. Process Personal Data only on documented instructions from the Controller, including instructions on international transfers, unless a transfer is required by EU or Lithuanian law. In that case the Processor will inform the Controller at least 21 days before the transfer, unless the law prohibits notice for public interest reasons. 2.3.2. Ensure that anyone authorized to process Personal Data is bound by confidentiality. 2.3.3. Implement measures required by GDPR Articles 30, 32, 35, and 36, and provide the Controller with relevant assessments before major processing begins. 2.3.4. Follow the sub processor rules described in §1.6 through §1.9. 2.3.5. Use appropriate safeguards so the Controller can respond to data subject requests. 2.3.6. Maintain GDPR required processing records based on the nature of processing and information available to the Processor. 2.3.7. Forward any data subject request or complaint to the Controller without undue delay and no later than 12 hours by electronic means and within 3 business days by mail when applicable. 2.3.8. Respond promptly to Controller requests about this Agreement and provide evidence of compliance within 3 business days. 2.3.9. Stop processing and delete or return Personal Data at the end of the Cooperation Agreement or upon Controller request, unless EU or Lithuanian law requires retention. 2.3.10. Provide information needed to demonstrate compliance with GDPR Article 28 and to support audits by the Controller or an authorized auditor.

2.4. The Processor will do the following.

2.4.1. Follow Controller instructions on scope, purpose, and methods of processing. 2.4.2. Protect Personal Data against unauthorized access, alteration, loss, or destruction. 2.4.3. Allow only authorized personnel to access systems and devices used for processing. 2.4.4. Keep internal records of personnel involved in processing.

2.5. The Processor will notify the Controller of a Personal Data breach without undue delay and no later than 12 hours after becoming aware of it, and the notice will include the following.

2.5.1. What happened and which data categories were affected, including estimates of impacted data subjects and records. 2.5.2. Contact details for the relevant security or privacy contact. 2.5.3. Likely consequences of the breach. 2.5.4. Measures taken or planned to address the breach and reduce harm.

2.6. The Processor will document each breach and provide evidence to help the Controller investigate, including scope, timing, impact, responsible parties, and remediation steps.

§ 4. Audits and cooperation

3.1. The Processor will fix any issues found during audits or inspections within the deadline set by the Controller, and in any case no later than 7 days after notice.

3.2. The Processor will provide the Controller with information needed to show legal compliance at the Processorʼs own cost.

§4 Liability and reporting

4.1. The Processor is liable to the Controller for failure to meet its obligations under this Agreement and GDPR, including failures by sub processors and any unauthorized disclosure or use of Personal Data.

4.2. The Processor will inform the Controller within 3 business days about any formal proceedings, decisions, or planned inspections related to Personal Data processing.

4.3. The Processor will keep documentation of processing activities and compliance and provide it to the Controller within 3 business days upon request.

§5 Confidentiality

5.1. The Processor will keep confidential all Personal Data and related materials received from the Controller.

5.2. The Processor will not use or disclose confidential information without written consent from the Controller, unless disclosure is required by law or by this Agreement.

5.3. Both parties will use secure communication methods that protect confidential information from unauthorized access.

§ 5. Term

6.1. This Agreement applies for as long as the Processor needs to process Personal Data to perform the Cooperation Agreement. It ends when the Cooperation Agreement ends, and in any case remains in force until the processing purpose described in §1.3 is fulfilled.

§ 6. Governing law

7.1. This Agreement forms part of the Cooperation Agreement.

7.2. Any matter not covered here is governed by applicable European Union law and Lithuanian law, including GDPR.

§ 7. Attachments

Attachment A. Range of Guestsʼ Personal Data

1.	Email
2.	Presenter website address
3.	Nickname
4.	Password
5.	Name and surname
6.	Telephone number
7.	Country
8.	Position and company name
9.	Time zone
10.	Photograph or avatar
11.	Information note
12.	IP address
13.	Operating system
14.	Browser name and version
15.	Device type
16.	Meeting entry and exit times
17.	Participant role
18.	Browser tab activity
19.	Connection establishment
20.	Connection summary
21.	Connection issues
22.	Responses to requests
23.	Action confirming meeting participation or absence
24.	Broadcasting start and end
25.	Video playback start
26.	Video playback stop
27.	Playback position change
28.	Video playback end
29.	Slideshow start
30.	Slide change
31.	Slideshow end
32.	File viewer start

Attachment B. Processing operations

1.	Collection via the internet
2.	Storage
3.	Electronic transmission to the Controller
4.	Analysis and deduplication

Frequently Asked Questions

The Controller is you as the Client who decides why and how attendee data is collected for your events. The Processor is Akovana UAB, which operates both Webinarum and the MyOwnConference webinar platform. We handle that data only to deliver the service under your instructions.

We process the attendee and host data listed in Attachment A, such as account details, device information, and webinar activity logs. This data is used only to run your webinars, support participation, and provide analytics for your account.

Yes, we may rely on vetted sub processors to provide parts of the service, for example hosting or infrastructure. We will not add or change a sub processor without your written consent, and you get 21 days notice before any new sub processor starts processing data.

If we detect a breach, we notify you as quickly as possible and no later than 12 hours after confirmation. The notice includes what happened, what data may be affected, likely impact, and what we are doing to fix it. We also keep incident records to support your GDPR reporting duties.

When your agreement with us ends, you can instruct us to delete or return the personal data we processed for you. We will follow your request unless EU or Lithuanian law requires us to keep certain records for a limited period.

Data processing explained

Learn how data is handled in the service and what responsibilities apply to organizers and users

Read the agreement