Gexzen – Data Processing Agreement
Data Processing Agreement (DPA)
Last updated: April 2025
This Data Processing Agreement (“Agreement”) forms part of the Terms of Service and applies to the processing of Personal Data by Gexzen (“Processor”) on behalf of its customers (“Controller”).
This Agreement is entered into in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Definitions
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, such as collection, storage, use, or disclosure.
“Controller” refers to the customer who determines the purposes and means of Processing Personal Data.
“Processor” refers to Gexzen, which processes Personal Data on behalf of the Controller.
“Data Protection Laws” means GDPR and any applicable data protection regulations.
2. Scope & Purpose of Processing
Gexzen processes Personal Data solely for the purpose of providing its services, including:
Custom B2B lead list creation
Data research and enrichment
Email verification and validation
Delivery of contact datasets requested by the Controller
Processing is performed only in accordance with documented instructions from the Controller.
3. Categories of Data & Data Subjects
3.1 Data Subjects
Business professionals
Company representatives
Decision-makers acting in a professional capacity
3.2 Types of Personal Data
Business names
Professional email addresses
Job titles
Company names
Publicly available business contact information
Gexzen does not intentionally process sensitive personal data.
4. Obligations of Gexzen (Processor)
Gexzen agrees to:
Process Personal Data lawfully, fairly, and transparently
Ensure confidentiality of all processed data
Implement appropriate technical and organizational security measures
Restrict access to Personal Data to authorized personnel only
Not process Personal Data for purposes other than those agreed
5. Security Measures
Gexzen maintains industry-standard safeguards, including:
Secure data storage and access controls
Internal access limitations
Encrypted data transfers where applicable
Regular review of data handling practices
6. Sub-Processors
Gexzen may engage third-party sub-processors to assist in providing services (e.g., verification tools or infrastructure providers).
Gexzen ensures that all sub-processors:
Are bound by data protection obligations
Provide equivalent levels of data security and compliance
7. Data Subject Rights
Where applicable, Gexzen will assist the Controller in responding to requests related to:
Access
Rectification
Erasure
Restriction of processing
Gexzen does not respond directly to Data Subject requests unless required by law.
8. Data Retention & Deletion
Personal Data is retained only for as long as necessary to fulfill the service.
Upon completion of services or upon request, Gexzen will:
Delete or anonymize Personal Data, unless retention is required by law
9. International Data Transfers
Where Personal Data is transferred outside the European Economic Area (EEA), Gexzen ensures appropriate safeguards are in place in accordance with GDPR requirements.
10. Audits & Compliance
Upon reasonable request, Gexzen will make available information necessary to demonstrate compliance with this Agreement.
11. Liability
Each party shall be liable for damages caused by its own breach of applicable data protection laws.
Nothing in this Agreement limits liability where such limitation is prohibited by law.
12. Term & Termination
This Agreement remains in effect for the duration of the service relationship.
Upon termination, Gexzen will cease processing Personal Data in accordance with Section 8.
13. Governing Law
This Agreement shall be governed by and construed in accordance with applicable data protection laws, including GDPR.
14. Contact Information
For any questions related to data protection or this Agreement, contact: