This Data Processing Agreement (“DPA”) forms part of the Terms of Service or other written or electronic agreement (the “Principal Agreement”) between you, the user of Listcleaner.net (the “Customer”), and Listcleaner.net (“Service Provider”), and governs the processing of personal data in connection with the email data cleaning services provided.

1. Definitions

1.1 Personal Data: Any information relating to an identified or identifiable natural person as defined in applicable data protection laws.
1.2 Data Controller: The entity that determines the purposes and means of the processing of Personal Data (i.e., the Customer).
1.3 Data Processor: The entity that processes Personal Data on behalf of the Data Controller (i.e., Listcleaner.net).
1.4 Data Subject: The individual whose Personal Data is being processed.
1.5 Applicable Data Protection Law: All relevant laws and regulations applicable to the processing of Personal Data under this DPA, including GDPR, and any other local laws.

2. Subject Matter of Processing

The Service Provider processes the Personal Data uploaded by the Customer solely for the purpose of providing the email data cleaning services, including but not limited to:

• Identifying and removing invalid, duplicate, or undeliverable email addresses;
• Enhancing the accuracy of the Customer’s email lists.

3. Roles and Responsibilities

3.1 The Customer acts as the Data Controller, and the Service Provider acts as the Data Processor.
3.2 The Service Provider shall process Personal Data only in accordance with the Customer’s documented instructions, as set forth in this DPA or the Principal Agreement.
3.3 The Service Provider does not have access to the contents of the Customer’s email data. All data processing is handled by automated systems with no staff involvement in data access or manipulation.

4. Security Measures

4.1 The Service Provider shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, including:

• Encryption of Personal Data during transmission and storage;
• Data anonymization and pseudonymization techniques, where applicable;
• Regular testing, assessment, and evaluation of security practices.

4.2 Only automated systems are used to process data, and no individual employee of the Service Provider has access to Customer data.

5. Subprocessing

5.1 The Service Provider may engage Subprocessors in connection with the provision of the services. Any such Subprocessor shall be bound by the same data protection obligations as set out in this DPA. 5.2 The Service Provider shall remain fully liable to the Customer for the performance of any Subprocessor’s obligations.

6. Data Subject Rights

6.1 The Service Provider shall, to the extent legally permitted, promptly notify the Customer if it receives a request from a Data Subject to exercise their rights under Applicable Data Protection Law, such as rights of access, rectification, erasure, or data portability.
6.2 The Service Provider will assist the Customer in fulfilling its obligations to respond to such requests, where applicable.

7. Data Breach Notification

7.1 In the event of a data breach involving Personal Data processed by the Service Provider, the Service Provider shall notify the Customer without undue delay after becoming aware of the breach.
7.2 Such notification shall describe, to the extent possible, the nature of the breach, its likely consequences, and the measures taken or proposed to address the breach.

8. Data Retention and Deletion

8.1 The Service Provider shall retain Personal Data only for as long as is necessary to fulfill the purposes set forth in this DPA or as required by applicable law.
8.2 Upon termination of the services or upon the Customer’s request, the Service Provider shall delete or return all Personal Data, unless otherwise required by law.

9. International Data Transfers

9.1 The Service Provider shall ensure that any transfers of Personal Data outside the European Economic Area (EEA) or other regions with data transfer restrictions comply with applicable data protection laws, including the use of appropriate safeguards such as standard contractual clauses.

10. Liability

10.1 The Service Provider’s liability under this DPA shall be subject to the limitations and exclusions set forth in the Principal Agreement, except where such limitations are prohibited by applicable data protection laws.