Data Processing Agreement (DPA)

Effective Date: 01.04.2025

This Data Processing Agreement (the “Agreement”) is entered into by and between:

  • HelpData, a product of Upconomy, with its principal place of business at [Insert Address] (“Processor”), and

  • [Customer’s Name], the user or entity utilizing the HelpData platform for data enrichment, with its principal place of business at [Insert Customer’s Address] (“Controller”).

This Agreement is made in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and any other applicable data protection laws.

1. Definitions

  • Controller: The entity that determines the purposes and means of processing personal data.

  • Processor: The entity that processes personal data on behalf of the Controller.

  • Data Subject: An individual whose personal data is processed.

  • Personal Data: Any information relating to an identified or identifiable individual.

  • Processing: Any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, retrieval, use, disclosure, and deletion.

  • Data Enrichment: The process of enhancing or augmenting data provided by the Controller with additional information via the HelpData platform.

2. Purpose and Scope of Data Processing

The Processor will process personal data on behalf of the Controller for the purpose of providing data enrichment services. The Controller will upload personal data to the HelpData platform (e.g., email addresses, contact information) for enrichment. The Processor will enrich this data by providing additional contact details, data attributes, or other relevant information.

The types of personal data processed include, but are not limited to:

  • Email addresses

  • Contact names

  • Business information

  • Other identifiable information provided by the Controller

The processing will be limited to the data required to deliver the data enrichment services as requested by the Controller.

3. Processing Instructions

The Processor agrees to process personal data only in accordance with the written instructions of the Controller. The Controller instructs the Processor to process the data for the specific purpose of providing the data enrichment service. The Controller may provide additional instructions, provided that they are compatible with the purposes outlined in this Agreement.

The Controller is solely responsible for ensuring that the personal data they provide to the Processor is lawful, and that they have obtained the necessary consent from data subjects (if required) or have other lawful grounds for processing personal data.

4. Data Protection and Security Measures

The Processor agrees to implement appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and security of the personal data it processes on behalf of the Controller. These measures include, but are not limited to:

  • Data encryption and secure data storage.

  • Access control policies to ensure only authorized personnel have access to personal data.

  • Regular monitoring and auditing of systems to detect unauthorized access or data breaches.

  • Implementing safeguards to protect data against accidental loss or destruction.

The Processor will promptly notify the Controller if there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data.

5. Subprocessors

The Controller authorizes the Processor to engage subprocessors to perform specific processing tasks on its behalf. The Processor will ensure that any subprocessors are bound by the same data protection obligations as set forth in this Agreement.

A list of subprocessors will be maintained by the Processor and provided to the Controller upon request. The Processor will inform the Controller of any intended changes to the list of subprocessors and allow the Controller to object to the use of any new subprocessors within a reasonable time.

6. Data Subject Rights

The Processor will assist the Controller, to the extent possible, in responding to requests from data subjects to exercise their rights under the GDPR, including:

  • Right of access

  • Right to rectification

  • Right to erasure (the “right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

The Processor will notify the Controller promptly if it receives any direct requests from data subjects.

7. Data Retention and Deletion

The Processor will retain the personal data only for as long as necessary to provide the data enrichment services to the Controller. Once the data is no longer required for the purpose of the service, the Processor will securely delete or return the personal data to the Controller at their request.

HelpData does not retain enriched data after it has been downloaded by the Controller. All enriched data is automatically deleted from the platform upon download by the Controller.

8. Transfers of Personal Data

The Processor may transfer personal data outside the European Economic Area (EEA) to third countries only if the transfer is in compliance with applicable data protection laws, including ensuring that appropriate safeguards (such as the Standard Contractual Clauses) are in place to protect the data.

9. Audit Rights

The Controller has the right to audit the Processor’s compliance with this Agreement. The Processor agrees to cooperate with the Controller in conducting audits, including providing access to records, systems, and relevant information related to the processing of personal data.

If an audit identifies any areas where the Processor is non-compliant with this Agreement or data protection laws, the Processor will take corrective action at its own expense.

10. Indemnification

The Processor agrees to indemnify, defend, and hold harmless the Controller from any claims, losses, damages, liabilities, or expenses arising from the Processor’s failure to comply with its obligations under this Agreement or applicable data protection laws, including any fines or penalties imposed by regulatory authorities.

11. Governing Law

This Data Processing Agreement shall be governed by and construed in accordance with the laws of [Insert Jurisdiction, e.g., the European Union or the country where HelpData is located], and any disputes shall be resolved in the courts of that jurisdiction.

12. Termination

This Agreement will terminate when the processing services provided by HelpData are no longer needed, or upon termination of the relationship between the Controller and the Processor.

Upon termination, the Processor will either securely delete or return all personal data to the Controller, as requested, and will confirm that it has done so.

13. Contact Information

If you have any questions or concerns regarding this Data Processing Agreement, or to exercise any of your rights under this Agreement, please contact HelpData through our contact form.