Data Processing/Protection Agreement

The terms of this DPA shall only apply in respect of the collection and processing of Personal Data of Data Subjects located within the EEA.

The parties agree to enter good faith discussions regarding updates necessitated by changes in data protection laws, supervisory authority guidance, or accepted practices affecting similar services. Updates may be agreed in writing and shall be incorporated into the DPA, with each party bearing their own costs.

Section 1: Definitions

Collected Personal Data

Personal Data collected by Email Pulse during provision of the Subscription Service and Consulting Services.

Complaint

Complaints or requests relating to either party's data protection obligations, including compensation claims or supervisory authority actions.

Data Subject Request

Requests by Data Subjects exercising rights under data protection laws.

DP Laws

Applicable laws regulating Personal Data processing, privacy, and use, including the Data Protection Act 2018, Privacy and Electronic Communications Regulations 2003, GDPR, and equivalent UK laws.

Personal Data Breach

"breach of security or other action or inaction leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data."

Supervisory Authority

Local, national, or multinational agencies administering data protection laws.

Section 2: Data Processing/Protection Obligations

2.1 Controller Status

"Each party is a separate and independent Controller of the Personal Data it discloses or makes available to the other party, and processes under the Agreement."

2.2 Email Pulse's Obligations

• Use and process Personal Data only for lawful purposes required to provide services
• Provide sufficient information enabling compliance with GDPR Articles 13–14
• May transfer Personal Data to third parties if contractually bound to substantially similar obligations

2.3 Obligations for Both Parties

Each party shall:

• Comply with all applicable data protection laws
• Perform obligations at its own cost
• Keep Personal Data secure at all times, including by implementing and maintaining appropriate technical and organisational measures
• Ensure authorized individuals commit to confidentiality standards
• Provide reasonable assistance regarding continued DP Laws compliance, Data Subject claims, Personal Data Breach information, Data Subject contacts about rights, data protection impact assessments, supervisory authority investigations, and Personal Data Breach responses
• Provide information and participate in audits to demonstrate DP Laws compliance

2.4 Customer Privacy Notice Obligations

The customer must provide Data Subjects a privacy notice that:

• Complies with data protection laws
• Describes Personal Data disclosure to and processing by Email Pulse
• Names Email Pulse where possible
• Ensures a lawful processing basis exists
• Obtains necessary consents for collection, processing, and cookie/technology use

2.5 Breach Notification Restrictions

"To the extent permitted by applicable law, neither party shall: (i) notify a Supervisory Authority or Data Subject of any Personal Data Breach; or (ii) issue any public statement or otherwise notify any Data Subject of such Personal Data Breach, without first consulting with, and obtaining the consent of, the other party."