Last Updated on May, 1, 2025
DATA PROCESSING AGREEMENT entered into on ____________ by and between OmniVerifier, (collectively referred to as: "Data Processor", "Processor", "Provider", "we", or "us"), and________________________ (collectively referred to as: "Data Controller", "Controller", or "you").Data Controller and Data Processor are hereinafter also jointly referred to as "Parties" and each separately as a "Party".
Introduction
This Data Processing Agreement (collectively referred to as: "Agreement") forms part of the Terms of Service (collectively referred to as: "Terms of Service") by and between the Parties and it's subject to the Terms of Service. In the event of any discrepancies between Terms of Service and this Agreement, the provision of this Agreement in relation to personal data protection shall prevail.The service provided by Provider to the Controller may require Provider to process Personal Data (as defined below). The Parties wish to ensure that the Personal Data processing is in conformity with the applicable laws, in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") and with other applicable personal data protection laws. For the purposes of this Agreement, the Data Controller is the controller of the Personal Data and Provider is the processor of such data, except when the Data Controller acts as a processor of the Data Controller's Personal Data, in which case Provider is a sub-processor. The detailed scope of Personal Data and the categories of data subjects are as defined below.It is agreed that by signing (accepting) this Data Protection Agreement any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this agreement relieves the Data Processor nor the Data Controller of its own direct responsibilities and liabilities under the GDPR.
Definitions
"Data Controller": a person or company that uses Data Processor's Service and controls the Personal Data processed using Data Processor's Service as set in Privacy Policy, Terms of Service and in this Data Processing Agreement.
"Data Processor": a person or company who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing.
"GDPR": Regulation (EU) 2016/679 of The European Parliament and of The Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
"Personal Data": any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Personal Data regarding to the Service is data entrusted to us by our Data Controller for processing and processed in relation to the use of the Service.
"OmniVerifier": service provided by Provider.
"Website": omniverifier.com and any of its subdomains. Website is operated by Provider.
"Service" or "Services": as defined in the Terms of Service.
Controller Full Responsibilities And Idemnification
The Data Controller assumes complete and absolute responsibility for:The legality of all data collection methods used to obtain the Personal Data uploaded to the ServiceEnsuring all necessary consents have been properly obtained from data subjectsMaintaining all records of processing activities as required by applicable lawComplying with all applicable data protection laws and regulationsResponding to all data subject requests, complaints, and inquiriesNotifying relevant authorities of any Personal Data breaches as required by lawConducting any required data protection impact assessmentsObtaining any required authorizations for international data transfersEnsuring the lawfulness of any subsequent use of verified email addressesThe Data Controller hereby represents and warrants that it has full legal right and authority to provide the Personal Data to the Data Processor and to grant all rights provided in this Agreement, including the additional data usage rights.The Data Controller shall FULLY INDEMNIFY, DEFEND, AND HOLD HARMLESS the Data Processor, its directors, officers, employees, agents, and affiliates from and against ANY AND ALL claims, actions, demands, liabilities, losses, damages, judgments, settlements, costs, and expenses (including reasonable attorneys' fees and costs) arising from or relating to:Any breach or alleged breach by the Data Controller of this AgreementAny claim by a data subject related to the collection, processing, or use of their Personal DataAny regulatory or governmental investigation or enforcement action related to the Data Controller's data practicesAny third-party claim related to the Data Controller's use of the Service or the results providedAny alleged violation of applicable law by the Data ControllerThis indemnification shall apply regardless of the theory of liability and shall survive termination of this Agreement. The Data Controller waives any and all claims against the Data Processor related to the Data Controller's compliance with data protection laws. The Data Controller strictly warrants that it has obtained all necessary rights, permissions, and legal bases to provide the Personal Data to Data Processor. The Data Controller bears sole responsibility for ensuring that any necessary data subject consents are obtained and maintained according to applicable law. Should such a consent be revoked by the data subject, Data Controller is responsible for communicating the fact of such revocation to the Data Processor. The Data Controller guarantees it has a documented legal basis before beginning processing and shall provide evidence of this legal basis if requested by the Data Processor or a supervisory authority. The Data Controller expressly warrants that it will NOT upload any kind of special categories of personal data to the Website neither its own special categories of personal data nor the data subject's special categories of personal data to whom the email campaigns are addressed. Special categories of personal data include but are not limited to any government-issued identification number; credit or debit card details or financial account number, with or without any code or password that would permit access to the account; or information on race, religion, ethnicity, sex life or practices or sexual orientation, medical or health information, genetic or biometric information, biometric templates, political or philosophical beliefs, political party or trade union membership, or information on any judicial or administrative proceedings.
Data Processing Details
4.1 Nature and Purpose of Processing
The purpose of processing Personal Data is the performance of the Service as set in Terms of Service, includes following processing activities: collection, recording, storage, adaptation, alteration and back-upping Personal Data, as well as other activities as required to provide the Service.
4.2 Type of Personal Data and Data Subjects The Controller engages Provider in processing of the Personal Data of the following category of data subjects:
Contacts: including persons whose Personal Data are on the Email list.The Controller engages Provider for processing of the following categories of Personal Data:
Email list: Email addresses uploaded by the Controller to the Website and which are subject of the Service.
Additional information: any Personal Data that is uploaded by the Data Controller into the Data Processor's system.
4.3 Duration of Processing
The Data Processor will only process the Personal Data according to the Service as set in Terms of Service and during the duration of Terms of Service, except as required to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller.
Additional Data Usage Rights
The Data Controller expressly acknowledges and agrees that the Data Processor may use, store, analyze, and process any data uploaded by the Data Controller for additional business purposes beyond the immediate service provided, including but not limited to:
Aggregating data for market research, statistical analysis, and product improvement
Creating derivative data products and services
Including data in databases, datasets, or similar products that may be licensed or sold to third parties
Using patterns, insights, or metadata derived from the uploaded data to enhance machine learning models or algorithms
Incorporating processed data into database-as-a-service offerings or other data products
The Data Controller warrants that it has obtained all necessary rights, permissions, and legal bases to grant these additional usage rights to the Data Processor. The Data Controller also represents that it has provided appropriate notice to data subjects that their data may be used for these additional purposes to the extent required by applicable law. The Data Controller shall defend, indemnify, and hold harmless the Data Processor from any claims arising from the Data Processor's use of the data as permitted under this section.
Operational Provisions
6.1 Use of Sub-Processors
To ensure proper provision of the Service, Controller authorizes Processor to engage other processors for carrying out processing activities. For the avoidance of doubt and without limiting the general authorization granted to Processor in the preceding sentence, the Controller agrees to the sub-processors listed below: The Data Processor stores and processes Personal Data on its servers in the United States: OVH Cloud Inc. Processor will share Personal Data with its programmers/developers based in the United States:Levanta Labs LLC Processor may obtain further sub-processor and disclose the Personal Data to a sub-processor with the prior consent of the Controller. It is considered a valid consent if the Processor updates its Terms of Service, or Privacy Policy and the Controller continues using the Service. In the event of sub-processing, Processor warrants that the processing activity is carried out in accordance with this Data Processing Agreement by a written agreement with the sub-processor providing at least the same level of protection and confidentiality for the Personal Data and the rights of data subject as the Processor under these clauses. If no other legal basis applies, Personal Data shall be transferred from the EU to third countries only if at least one of the following conditions is met:the transfer is necessary for the performance of a contract between the Controller and the Processor or of pre-contractual measures taken at the Controller's request;the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Controller between the Processor and another natural or legal person;the transfer is necessary for important reasons of public interest;the transfer is necessary for establishment, exercise or defense of legal claims;the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent. In such cases, the Processor shall inform the Controller about the legal bases the transfer is based on via the Website.The Data Processor may use and disclose other data (not personal data) for any purpose, except where the Data Processor are not allowed to under applicable law. By using our Service and integrating your third-party email marketing account in our Service you agree that we can programmatically access and check your reports and may retain information and statistics of your verified email addresses.
6.2 Security of the Processing
The Data Processor will implement security measures that are appropriate to the risks presented by the processing, considering available technology, implementation costs, and the nature of the Personal Data being processed.The Data Controller acknowledges and agrees that the measures implemented by the Data Processor are sufficient to provide an appropriate level of protection for the Personal Data processed under this Agreement, and the Data Controller shall not require the Data Processor to implement additional measures unless explicitly required by applicable law.
6.3 Assistance
The Data Processor may provide reasonable assistance to the Data Controller in responding to requests for exercising data subject rights, solely to the extent that such assistance is technically feasible and does not impose a disproportionate burden on the Data Processor. The Data Controller shall compensate the Data Processor for any costs incurred in providing such assistance.If the Data Processor receives a complaint, inquiry or request related to the Controller's Personal Data directly from data subjects, it will use commercially reasonable efforts to redirect the data subject to the Data Controller, and the Data Controller shall handle all further communications with the data subject.The Data Controller is solely responsible for notifying relevant supervisory authorities of any Personal Data breach as required by applicable law.
6.4 Personal Data Breach
If the Data Processor becomes aware of a confirmed personal data breach that affects the Personal Data processed on behalf of the Data Controller, the Data Processor will notify the Data Controller without undue delay.The notification may include available information about the nature of the breach. The Data Controller is solely responsible for fulfilling any legal obligations to notify supervisory authorities and affected data subjects. The Data Controller shall indemnify and hold harmless the Data Processor against any claims, damages, or liabilities arising from any personal data breach that was not directly caused by the Data Processor's failure to comply with its express obligations under this Agreement.
6.5 Returning or Deletion of Personal Data
Upon termination of this Data Processing Agreement or the Data Controller's written request, the Data Processor shall make commercially reasonable efforts to delete the Personal Data in its active systems within a reasonable timeframe, unless retention is required by applicable law.The Data Controller acknowledges and agrees that Personal Data may remain in backup or archive systems for a reasonable period according to the Data Processor's standard backup and retention practices, and such data will be deleted in the ordinary course of such practices. The Data Processor's obligations under this Agreement shall continue to apply to any Personal Data retained in such backup or archive systems until deletion.
Liability
The Data Controller expressly represents and warrants that all data provided by it (a) complies with all applicable laws and regulations; (b) has been obtained with all necessary licenses, consents, and permits; and (c) does not violate any third-party rights. The Data Controller assumes sole responsibility for its use of the Service and for any conclusions drawn from such use.The Data Processor shall not be liable for any claims, damages, losses, expenses, costs or other liability under any legal theory whatsoever arising from or related to this Agreement, including but not limited to contractual, tort, or statutory liability. In no event shall the Data Processor be liable for any indirect, incidental, special, exemplary, punitive or consequential damages of any kind.In jurisdictions that do not allow the exclusion of liability but allow limitations of liability, the Data Processor's total liability under this Agreement shall not exceed the lesser of (a) the amounts paid by the Data Controller to the Data Processor during the one (1) month preceding the event giving rise to the liability, or (b) twenty-five dollars ($25.00 USD).The Data Controller acknowledges and agrees that these limitations of liability are an essential basis of the bargain and that the Data Processor would not enter into this Agreement without such limitations.
General Rules
This Data Processing Agreement shall come into effect on the date the Data Controller electronically accepts this Data Processing Agreement. If both parties agree to the Agreement, it is effective immediately after signature.Either party may terminate this agreement by giving each other 1 week notice in writing.The Parties may amend the Agreement from time to time, as the Parties may reasonably consider necessary to meet the requirements of the GDPR.
In the event of any dispute, claim, question, or disagreement arising from or relating to this Agreement, whether arising in contract, tort or otherwise, the parties shall first use their best efforts to resolve the Dispute. If a Dispute arises, the complaining party shall provide written notice to the other party in a document, specifically setting forth the precise nature of the dispute. If a notice is being sent to Provider it must be emailed to jack@omniverifier.com.In the event that a dispute between the parties cannot be settled, the parties agree to submit the dispute to binding arbitration.
The arbitration shall be conducted in English and shall be held in a location determined by the Data Processor at its sole discretion.
Agreement signed on ______________[CLIENT NAME] [CLIENT EMAIL] on behalf of Data Controller