Exploro.
Apply for Access
Legal

Data Processing Addendum

Version 1.0 · Effective 2026-04-24

This Data Processing Addendum ("DPA") forms part of the Terms of Service between Customer ("Controller") and ExploroMedia LLC ("Processor") when ExploroMedia processes Personal Data on Customer's behalf. Drafted in accordance with GDPR Article 28.

1. Definitions

Controller, Processor, Personal Data, Processing, Sub-processor, Data Subject - as defined under GDPR.

2. Role and Scope

  • Customer = Controller of Lead Data and User Data
  • ExploroMedia = Processor
  • Processing occurs only on documented instructions from Customer

3. Duration

Duration of the Terms of Service plus deletion period.

4. Nature and Purpose

To provide the Services per the Terms of Service.

5. Categories of Data Subjects

Customer's prospects, business contacts, and users (B2B).

6. Categories of Personal Data

Business contact information (name, title, email, phone, employer, role), enriched business data, interaction metadata.

7. Sub-processors

  • Customer authorizes sub-processors listed at /legal/subprocessors
  • 30 days' notice before adding new sub-processors
  • Customer may object on reasonable grounds
  • Sub-processor obligations flowed down contractually

8. International Transfers

  • EU Standard Contractual Clauses (Module 2: Controller-to-Processor) incorporated by reference
  • Additional safeguards per EU-US Data Privacy Framework where applicable

9. Technical and Organizational Measures

  • Detailed at /legal/security
  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls, 2FA for administrative access
  • Logging, monitoring, incident response procedures

10. Data Subject Rights

  • ExploroMedia assists Customer in responding to requests
  • Forwarding of requests within 72 hours

11. Breach Notification

  • Within 72 hours of confirmed Personal Data breach
  • Includes: nature, categories, approximate numbers, consequences, measures taken

12. Data Deletion and Return

  • Upon termination: 30-day export window, deletion thereafter
  • Confirmation of deletion available on request

13. Audits

  • We provide SOC 2 / ISO 27001 reports when available
  • On-site audits with reasonable notice, limited to once per year, at Customer's cost

14. Liability

Governed by the Terms of Service (Section 10).

Annexes

  • Annex I - Parties (Customer fills in at signing)
  • Annex II - Description of Processing (as above)
  • Annex III - Technical and Organizational Measures (see /legal/security)
  • Annex IV - Sub-processors (see /legal/subprocessors)