Back to Home

Data Processing Agreement

Last Updated: March 13, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between DealKinetic Inc. ("DealKinetic," "Processor," "we," "us," or "our") and the Client ("Controller," "you," or "your") and applies to the processing of Personal Data by DealKinetic on behalf of the Client.

1. Definitions

For the purposes of this DPA, the following terms shall have the following meanings:

  • "Controller" means the Client who determines the purposes and means of the Processing of Personal Data.
  • "Data Protection Laws" means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including but not limited to the GDPR, CCPA, and other applicable state, federal, and international privacy laws.
  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.
  • "CCPA" means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq.
  • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by DealKinetic on behalf of the Client.
  • "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, alignment or combination, restriction, erasure, or destruction.
  • "Processor" means DealKinetic, which processes Personal Data on behalf of the Controller.
  • "Services" means the lead recovery and engagement services provided by DealKinetic as described in the Terms of Service.
  • "Sub-processor" means any Processor engaged by DealKinetic to process Personal Data on behalf of the Client.

2. Processing of Personal Data

2.1 Scope and Purpose

DealKinetic shall process Personal Data only for the purpose of providing the Services as described in the Terms of Service and in accordance with the Client's documented instructions, unless required to do otherwise by applicable law.

2.2 Types of Personal Data

The types of Personal Data processed by DealKinetic include:

  • Contact information (name, email address, phone number, mailing address)
  • Lead status and interaction history
  • Business-related information
  • Communication preferences
  • Any other information contained in the Client's CRM that is necessary for the provision of the Services

2.3 Categories of Data Subjects

The categories of Data Subjects include:

  • Prospective customers or leads of the Client
  • Former customers of the Client
  • Individuals who have inquired about the Client's products or services

2.4 Duration of Processing

DealKinetic will process Personal Data for the duration necessary to provide the Services or until the termination of the Client's account, whichever comes first, unless otherwise required by applicable law.

3. Client's Obligations

3.1 Lawful Basis

The Client warrants that it has a lawful basis for the processing of Personal Data under applicable Data Protection Laws and has obtained all necessary consents, permissions, and authorizations to permit DealKinetic to process Personal Data on its behalf.

3.2 Instructions

The Client shall provide clear instructions to DealKinetic regarding the processing of Personal Data. These instructions shall comply with applicable Data Protection Laws.

3.3 Data Subject Rights

The Client is responsible for fulfilling data subject rights requests as required under applicable Data Protection Laws. DealKinetic will assist the Client in addressing such requests as described in Section 5 of this DPA.

4. DealKinetic's Obligations

4.1 Compliance with Instructions

DealKinetic shall process Personal Data only in accordance with the Client's documented instructions and this DPA. If DealKinetic is required to process Personal Data for any other purpose by applicable law, DealKinetic shall inform the Client of that legal requirement before processing, unless prohibited by law.

4.2 Confidentiality

DealKinetic shall ensure that all personnel authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.3 Security Measures

DealKinetic shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, as appropriate:

  • Encryption of Personal Data in transit and at rest
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
  • Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures
  • Access controls and authentication mechanisms
  • Regular security awareness training for employees

4.4 Sub-processors

DealKinetic may engage Sub-processors to process Personal Data on behalf of the Client. DealKinetic shall:

  • Maintain a list of current Sub-processors, which will be made available to the Client upon request
  • Inform the Client of any intended changes concerning the addition or replacement of Sub-processors
  • Ensure that any Sub-processor is bound by written contractual terms that are no less protective than those in this DPA
  • Remain fully liable to the Client for the performance of the Sub-processor's obligations

4.5 Data Breach Notification

In the event of a personal data breach, DealKinetic shall:

  • Notify the Client without undue delay after becoming aware of a personal data breach
  • Provide the Client with sufficient information to allow the Client to meet any obligations to report the personal data breach to supervisory authorities and/or affected data subjects
  • Take reasonable steps to mitigate the effects of the personal data breach and minimize potential damage
  • Assist the Client in documenting the personal data breach as required by applicable Data Protection Laws

5. Data Subject Rights

DealKinetic shall, to the extent legally permitted, promptly notify the Client if it receives a request from a data subject to exercise their rights under applicable Data Protection Laws. Taking into account the nature of the processing, DealKinetic shall assist the Client by implementing appropriate technical and organizational measures to help the Client respond to such requests.

6. Data Protection Impact Assessment

Upon the Client's request, DealKinetic shall provide the Client with reasonable assistance in carrying out data protection impact assessments and prior consultations with supervisory authorities as required by applicable Data Protection Laws, taking into account the nature of the processing and the information available to DealKinetic.

7. Return or Deletion of Personal Data

Upon termination of the Services or at the Client's request, DealKinetic shall, at the Client's choice, delete or return all Personal Data to the Client and delete existing copies, unless applicable law requires the storage of the Personal Data.

8. Audit Rights

DealKinetic shall make available to the Client all information necessary to demonstrate compliance with the obligations set forth in this DPA and shall allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client, subject to reasonable notice and confidentiality obligations.

9. International Data Transfers

DealKinetic shall not transfer Personal Data outside of the country or region where the Client is located unless:

  • The transfer is to a country or region that has been determined to provide an adequate level of protection for Personal Data by the relevant authorities
  • DealKinetic has implemented appropriate safeguards for the transfer in accordance with applicable Data Protection Laws
  • The Client has provided explicit consent to the specific transfer
  • The transfer is necessary for the performance of the Services

10. General Provisions

10.1 Governing Law

This DPA shall be governed by the laws specified in the Terms of Service.

10.2 Severability

If any provision of this DPA is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this DPA shall otherwise remain in full force and effect.

10.3 Precedence

In the event of any conflict or inconsistency between this DPA and the Terms of Service, the provisions of this DPA shall prevail with respect to the subject matter hereof.

10.4 Amendments

This DPA may only be amended by a written document signed by both parties.

11. Contact Information

For any questions about this DPA or to exercise your rights, please contact us at:

Email: privacy@dealkinetic.com
Address: DealKinetic Inc., 123 Innovation Way, Suite 500, Ann Arbor, MI 48103

Ready to recover your lost revenue?

We take data protection seriously, ensuring your business and customer information is handled with the utmost care and in compliance with all applicable regulations.