1. Client Responsibility for Compliance.

The Client acknowledges that they have sole responsibility for ensuring the Website/Deliverables comply with the laws and regulations of any jurisdiction where the Client offers goods or services. This includes, but is not limited to:

Privacy & Data: The EU General Data Protection Regulation (GDPR), the UK GDPR, and Canada’s PIPEDA/Bill C-27.

Consumer Rights: EU consumer protection laws, including the 14-day right of withdrawal.

Accessibility: The European Accessibility Act (EAA) and the Accessibility for Ontarians with Disabilities Act (AODA), as applicable.

Online Governance: The EU Digital Services Act (DSA) regarding content moderation and “dark patterns.”

2. Agency Status as Data Processor.

Where the Agency handles personal data on behalf of the Client, the parties agree that the Client is the “Data Controller” and the Agency is the “Data Processor.” The Agency will process data only on the written instructions of the Client. If the Client requires the Agency to comply with specific EU-standard “Data Processing Agreements” (DPAs) or “Standard Contractual Clauses” (SCCs), such requirements must be disclosed in writing prior to the commencement of the project and may be subject to additional fees.

3. Accessibility & Interface Design.

Unless otherwise specified in the Statement of Work (SOW), the Agency will build the Website to standard industry usability. The Agency does not warrant that the Website meets WCAG 2.1 Level AA or other specific international accessibility mandates unless the Client explicitly requests such compliance in the SOW.

4. Indemnification.

The Client shall indemnify and hold the Agency harmless against any claims, fines, or legal fees arising from the Client’s failure to implement required legal disclosures (e.g., Privacy Policies, Cookie Banners) or for offering services in jurisdictions (such as the EU) where the Deliverables may be subject to regulations not explicitly covered in the SOW.