Legal

Data Processing Addendum (DPA)

Our standard DPA covers UK GDPR + EU GDPR, sub-processor governance, and international transfer mechanisms. Most customers sign as-is; we’re happy to discuss line-item edits where needed.

Download

PDF, version 2026-05-01, e-signature ready.

Request DPA by email Sub-processors list

The DPA is intentionally email-gated: we like to know who is reviewing it so we can answer questions quickly and version-track edits.

What’s in it

Roles (Marketeer as processor, Customer as controller)
Subject-matter, nature, purpose, and duration of processing
Categories of personal data + categories of data subjects
Technical and organisational measures (TOMs) — encryption, access, audit, BCP/DR
Sub-processor list and change-notification procedure (≥ 30 days)
UK and EU IDTA / SCCs for international transfers
Audit rights, breach notification, return / deletion on termination