Data Processing Agreement

When IntoLeads processes personal data on behalf of a customer, the customer is the controller or business and IntoLeads acts as the processor or service provider, as those terms are defined by applicable data protection laws.

This DPA applies to personal data submitted to the services under a customer agreement, order form, or similar written arrangement.

IntoLeads will process customer personal data only to provide the services, follow documented customer instructions, comply with law, prevent abuse, and maintain the security and integrity of the services.

Customers are responsible for providing lawful instructions and ensuring they have the necessary notices, consents, and rights for the personal data submitted.

IntoLeads maintains reasonable technical and organizational measures designed to protect customer personal data against unauthorized access, loss, misuse, alteration, and disclosure.

Security measures may include access controls, encryption in transit, monitoring, vulnerability management, personnel controls, and incident response procedures appropriate to the nature of the processing.

IntoLeads may use subprocessors to provide hosting, analytics, communication, support, infrastructure, and other operational services.

We require subprocessors to protect customer personal data under obligations that are substantially similar to those in this DPA.

Taking into account the nature of the processing, IntoLeads will reasonably assist customers with data subject requests, security obligations, and data protection assessments where required by applicable law.

Upon termination or written request, IntoLeads will delete or return customer personal data according to the customer agreement, unless retention is required by law.

For data processing questions or requests, contact us at [email protected].