Gexzen – Data Processing Agreement

Data Processing Agreement (DPA)

Last updated: April 2025

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service and applies to the processing of Personal Data by Gexzen (“Processor”) on behalf of its customers (“Controller”).

This Agreement is entered into in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).


1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person.

  • “Processing” means any operation performed on Personal Data, such as collection, storage, use, or disclosure.

  • “Controller” means the customer who determines the purposes and means of processing Personal Data.

  • “Processor” means Gexzen, which processes Personal Data on behalf of the Controller.

  • “Data Protection Laws” means GDPR and any applicable data protection regulations.


2. Scope & Purpose of Processing

Gexzen processes Personal Data solely for the purpose of providing B2B outbound services, including:

  • Manually verified B2B data research

  • ICP-based targeting and enrichment

  • Outbound campaign execution

  • Email validation and verification

  • Qualified sales meeting generation and coordination

Processing is performed strictly based on documented instructions from the Controller.

Gexzen does not use Personal Data for unrelated purposes or independent commercial exploitation.


3. Categories of Data & Data Subjects

3.1 Data Subjects

  • Business professionals

  • Company representatives

  • Decision-makers acting in a professional capacity

3.2 Types of Personal Data

  • Business names

  • Professional email addresses

  • Job titles

  • Company names

  • Publicly available professional contact information

Gexzen does not intentionally process sensitive personal data.


4. Obligations of Gexzen (Processor)

Gexzen agrees to:

  • Process Personal Data lawfully, fairly, and in accordance with GDPR

  • Maintain confidentiality of all processed data

  • Implement appropriate technical and organizational security measures

  • Restrict access to authorized personnel only

  • Process Personal Data only for the purposes defined in this Agreement

  • Assist the Controller where reasonably necessary for compliance obligations


5. Security Measures

Gexzen implements industry-standard security measures, including:

  • Secure data storage and controlled access systems

  • Internal access restrictions based on necessity

  • Encrypted data transfers where applicable

  • Regular review and improvement of data handling procedures


6. Sub-Processors

Gexzen may engage third-party service providers (“Sub-processors”) to support service delivery, including infrastructure, verification tools, and communication systems.

All Sub-processors are required to:

  • Maintain appropriate data protection and security standards

  • Process Personal Data only under Gexzen’s instructions

  • Comply with GDPR-equivalent obligations


7. Data Subject Rights

Where applicable, Gexzen will reasonably assist the Controller in responding to requests from Data Subjects regarding:

  • Access

  • Rectification

  • Erasure

  • Restriction of processing

Gexzen does not respond directly to Data Subject requests unless legally required to do so.


8. Data Retention & Deletion

Personal Data is retained only for as long as necessary to perform the agreed services.

Upon completion of services or upon written request from the Controller, Gexzen will delete or anonymize Personal Data, unless retention is required by applicable law.


9. International Data Transfers

Where Personal Data is transferred outside the European Economic Area (EEA), Gexzen ensures appropriate safeguards are implemented in accordance with GDPR, including standard contractual clauses or equivalent mechanisms where required.


10. Audit & Compliance

Upon reasonable request, Gexzen may provide information necessary to demonstrate compliance with this Agreement, subject to confidentiality and security limitations.


11. Liability

Each party shall be responsible for its own compliance with applicable data protection laws.

Nothing in this Agreement excludes or limits liability where such limitation is not permitted under applicable law.


12. Term & Termination

This Agreement remains in force for the duration of the service relationship.

Upon termination, Gexzen will cease processing Personal Data and proceed with deletion or anonymization in accordance with Section 8.


13. Governing Law

This Agreement shall be governed by and interpreted in accordance with applicable data protection laws, including the GDPR.


14. Contact

For any questions related to data protection or this Agreement, please contact:

📧 dpa@gexzen.com