verified
Sign in Get started now

DPA Policy

Information

DPA Policy

Emaillistvalidation, a company incorporated under the laws of Slovakia, seated at: Šípová 1288/47, 949 01 Nitra-Chrenová, Slovakia (collectively referred to as: “Data Processor”, “Processor”, “Provider”, “we”, or “us”), and [[Company name]], [[address]] (collectively referred to as: “Data Controller”, “Controller”, or “you”).

Data Controller and Data Processor are hereinafter also jointly referred to as “Parties” and each separately as a “Party”.

This Data Processing Agreement (collectively referred to as: “Agreement”) forms part of the Terms of Service (collectively referred to as: “Terms of Service”) by and between the Parties and is subject to the Terms of Service. In the event of any discrepancies between the Terms of Service and this Agreement, the provisions of this Agreement in relation to personal data protection shall prevail.

The service provided by the Provider to the Controller may require the Provider to process Personal Data (as defined below). The Parties wish to ensure that the processing of Personal Data is in conformity with applicable laws, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), and with other applicable data protection laws.

For the purposes of this Agreement, the Data Controller is the controller of the Personal Data, and the Provider is the processor of such data, except when the Data Controller acts as a processor of a third party’s Personal Data, in which case the Provider is a sub-processor. The detailed scope of Personal Data and the categories of data subjects are defined below.

It is agreed that by signing (accepting) this Data Protection Agreement, any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this Agreement relieves the Data Processor or the Data Controller of their own direct responsibilities and liabilities under the GDPR.

DEFINITIONS

“Data Controller”: A person or company that uses the Data Processor’s Service and controls the Personal Data processed using the Data Processor’s Service, as set in the Privacy Policy, Terms of Service, and this Data Processing Agreement.

“Data Processor”: A person or company that processes personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing.

“GDPR”: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data”: Any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. Personal Data related to the Service is data entrusted to us by the Data Controller for processing in relation to the use of the Service.

“Emaillistvalidation”: The service provided by the Provider.

“Website”: mailver.net operated by the Provider.

“Service” or “Services”: As defined in the Terms of Service.

BACKGROUND OF DATA PROCESSING

This Data Processing Agreement applies exclusively to the processing of Personal Data that is subject to EU Data Protection Law, as outlined in the Terms of Service and this Data Processing Agreement of even date hereof between the Parties for the provision of the Service.

Pursuant to Article 28(3) of the GDPR, the Controller engages the Provider to process the Personal Data, and the Provider hereby accepts the processing. This Agreement sets out certain information regarding the processing of Personal Data as required by the GDPR.

The Parties have entered into this Data Processing Agreement to benefit from the expertise of the Processor in processing Personal Data for the purposes set out below and in the Terms of Service. The Data Processor shall exercise discretion as necessary to pursue these purposes, subject to the requirements of this Agreement and the Terms of Service.

The Data Processor provides the Data Controller with the necessary information to ensure compliance with GDPR obligations. The Data Controller is responsible for maintaining Data Subjects’ rights. The Data Processor assists the Data Controller by allowing Data Subjects to exercise their rights.

The Data Controller warrants that it has all necessary rights to provide the Personal Data to the Data Processor for processing in relation to the Services. To the extent required by applicable data protection law, the Data Controller is responsible for ensuring that any necessary data subject consents to this processing are obtained and for maintaining a record of such consents. Should such consent be revoked by the data subject, the Data Controller is responsible for notifying the Data Processor, which must implement the Data Controller’s instructions regarding further processing of the Personal Data.

The Data Controller must have a lawful basis for processing and should document it. The Data Processor reserves the right to request documentation of the lawful basis. If requested, the Data Controller must provide this documentation immediately, but no later than seven (7) days.

The Data Controller represents and warrants that it will not upload special categories of personal data to the Website, whether its own or those of data subjects to whom the email campaigns are addressed. Special categories of personal data include, but are not limited to:

Government-issued identification numbers.

Credit or debit card details or financial account numbers, with or without any code or password that would permit access to the account.

Special categories of personal data include but are not limited to any race, religion, ethnicity, sex life or practices, sexual orientation, medical or health information, genetic or biometric information, political or philosophical beliefs, political party or trade union membership, or information on judicial or administrative proceedings.

NATURE AND PURPOSE OF DATA PROCESSING

The purpose of processing Personal Data is the performance of the Service as outlined in the Terms of Service. Processing activities include:

  • Collection.
  • Recording.
  • Storage.
  • Adaptation.
  • Alteration.
  • Backing up Personal Data.
  • Other activities required to provide the Service.

TYPE OF PERSONAL DATA AND SUBJECT OF PROCESSING

The Controller engages the Provider to process the Personal Data of the following category of data subjects:

Contacts: Individuals whose Personal Data are included on email lists provided by the Controller.

The Controller engages the Provider to process the following categories of Personal Data:

Email List: Email addresses uploaded by the Controller to the Website and processed as part of the Service.

Additional Information: Any Personal Data uploaded by the Data Controller into the Data Processor’s system.

DURATION OF PROCESSING

The Data Processor will process the Personal Data strictly for the purposes defined in the Service as outlined in the Terms of Service and only during the validity of the Terms of Service. Exceptions apply if processing is necessary to comply with a legal obligation to which the Data Processor is subject. In such cases, the Data Processor shall inform the Data Controller of the legal obligation before processing, unless prohibited by law from providing such information.

USE OF SUB-PROCESSORS

To ensure proper service delivery, the Controller authorizes the Processor to engage sub-processors for specific processing activities.

The Processor may engage additional sub-processors and disclose Personal Data to them with prior consent from the Controller. This consent is deemed granted if the Processor updates its Terms of Service or Privacy Policy and the Controller continues using the Service. When engaging sub-processors, the Processor ensures processing activities comply with this Data Processing Agreement, via written agreements providing equivalent protection and confidentiality as required by these clauses. If no other legal basis applies, Personal Data shall only be transferred from the EU to third countries under at least one of the following conditions:

  • Necessary for performance of a contract between the Controller and the Processor, or pre-contractual measures at the Controller’s request.
  • Necessary for the conclusion or performance of a contract in the interest of the Controller between the Processor and another entity.
  • Necessary for public interest reasons.
  • Necessary for legal claims or their defense.
  • Necessary to protect the vital interests of the data subject or others if the data subject cannot give consent.

In such cases, the Processor shall inform the Controller about the legal basis for the transfer via mailver.net.

The Data Processor may use and disclose anonymized data (not Personal Data) for any purpose permitted by law. By integrating third-party email marketing accounts into the Service, the Controller agrees that the Processor can access, check reports, and retain certain information/statistics about verified email addresses. Shared Personal Data is anonymized with SHA-512 encryption to ensure it is anonymous.

RETURNING OR DELETION OF PERSONAL DATA

Upon termination of this Agreement, at the written request of the Data Controller, or once all processing purposes are fulfilled, the Data Processor shall either delete, destroy, or return all Personal Data and destroy or return any existing copies, as directed by the Controller. The Data Processor will notify all sub-processors supporting its activities of the termination and ensure they also delete or return Personal Data. If consent is not withdrawn, the Processor will retain Personal Data for up to 1 year after ceasing to provide services. Deleted files may remain in backups for an additional 5 days to maintain system functionality.

The Processor may retain Personal Data for longer periods if required by law or upon official orders. Once the retention period expires, Personal Data will be deleted, and rights such as access, erasure, rectification, and portability cannot be enforced thereafter.

SECURITY OF PROCESSING

The Data Processor ensures robust technical and organizational measures for data security, including:

  • Secure connections for transmitting Personal Data.
  • Automated data processing on servers with limited human interaction. Human review is limited to specific cases, such as investigating complaints.
  • Contractors accessing Personal Data must sign confidentiality and data processing agreements.
  • Regular monitoring of systems for vulnerabilities, including penetration testing.
  • Annual data protection impact assessments with actions for improvement.

The Processor ensures Personal Data confidentiality, restricting access to those with a need to know, bound by confidentiality agreements. These obligations remain effective even after the Agreement's termination.

ASSISTANCE

The Data Processor assists the Data Controller in responding to data subject requests under the GDPR, including complaints and inquiries. The Processor notifies the Controller of such requests within 15 days of receipt.

The Processor provides the Controller with necessary information and supports audits or inspections related to compliance. The Controller bears any costs arising from such assistance.

PERSONAL DATA BREACH

The Processor will notify the Controller of any Personal Data breaches within 48 hours of discovery. It will cooperate fully with the Controller to investigate and respond to incidents. Breaches include but are not limited to:

  • Unauthorized access, deletion, or disclosure of Personal Data.
  • Investigations or seizures by authorities involving Personal Data.
  • Complaints or requests regarding data subject rights.

The Processor ensures Personal Data confidentiality, restricting access to those with a need to know, bound by confidentiality agreements. These obligations remain effective even after the Agreement's termination.

LIABILITY

The Data Controller warrants that its data processing complies with all applicable laws and assumes responsibility for its use of processed data. The Processor is not liable for the Controller’s claims or damages related to Personal Data breaches.

The Controller indemnifies the Processor against any claims or damages arising from improper data processing. If claims arise, the Controller may be required to join legal proceedings to assume full liability.

GENERAL RULES

This Agreement becomes effective upon the Data Controller’s electronic acceptance. Either Party may terminate the Agreement with one week’s written notice. Amendments may be made to meet GDPR requirements. Unresolved disputes will be submitted to binding arbitration under Slovak law. Notices to the Processor must be sent to [email protected] and via mail to Šípová 1288/47, 949 01 Nitra-Chrenová, Slovakia.

How can you contact us ?

[email protected]


Support