1. Data Processing Addendum (DPA)
This Data Processing Addendum ("DPA") forms part of the agreement between JSK Business Solutions Pvt Ltd ("Processor") and the customer identified in the applicable order, signup, purchase, or service arrangement ("Customer" or "Controller") governing the use of NameToProfile.
This DPA applies only to the extent that Processor processes personal data on behalf of Customer as a processor, service provider, or contractor, as applicable.
2. Definitions
For this DPA, Applicable Data Protection Law means applicable laws governing the processing of personal data, including, where applicable, the Digital Personal Data Protection Act, 2023, the GDPR, the UK GDPR, Swiss data protection law, and applicable U.S. state privacy laws. Customer Data means personal data submitted by or for Customer to the Service for processing on Customer's behalf. Controller includes "Data Fiduciary", "business", or equivalent term under Applicable Data Protection Law. Processor includes "data processor", "service provider", "contractor", or equivalent term under Applicable Data Protection Law.
3. Scope and Roles
This DPA applies where Processor processes Customer Data on behalf of Customer in connection with the Service. The parties acknowledge that Customer is the Controller of Customer Data and Processor acts as Processor of Customer Data.
This DPA does not apply to personal data for which Processor acts as an independent controller or business, such as account registration, billing, fraud prevention, support, compliance, or operational analytics data processed for Processor's own legitimate business purposes.
4. Subject Matter, Duration, Nature, and Purpose
- Subject Matter: processing of Customer Data submitted through the Service.
- Duration: for the period during which Processor provides the Service to Customer and any limited post-termination period required for deletion, return, backup cycling, dispute handling, or legal compliance.
- Nature of Processing: collection, access, storage, organization, structuring, transmission, use, analysis, retrieval, and deletion of Customer Data as necessary to provide the Service.
- Purpose of Processing: to provide URL resolution, add-in functionality, batch processing, support, security, fraud prevention, service administration, and other related functions requested by Customer.
5. Customer Instructions
Processor shall process Customer Data only on documented instructions from Customer, as necessary to provide the Service, or as required by applicable law. Customer instructs Processor to process Customer Data as necessary to provide and support the Service in accordance with the agreement and this DPA. Customer is solely responsible for the lawfulness of Customer Data and the means by which Customer obtained it.
6. Customer Obligations
Customer shall ensure that it has a lawful basis for processing and transferring Customer Data to Processor, provide all required notices and obtain all required consents or permissions, ensure that its instructions comply with Applicable Data Protection Law, and not instruct Processor to process sensitive or prohibited data unless expressly agreed in writing.
7. Confidentiality
Processor shall ensure that persons authorized to process Customer Data are subject to appropriate confidentiality obligations.
8. Security Measures
Processor shall implement reasonable and appropriate technical and organizational measures designed to protect Customer Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or unauthorized disclosure or access. Such measures may include access controls, role-based restrictions, authentication controls, encryption in transit, encryption at rest where supported and appropriate, logging and monitoring, environment and secrets management, vulnerability and dependency management, backup and recovery processes, and incident response procedures.
9. Subprocessors
Customer grants Processor general authorization to engage subprocessors to support the Service. Processor shall remain responsible for the acts and omissions of its subprocessors to the extent required by law and contract. Processor may use subprocessors for categories such as cloud hosting and infrastructure, authentication, email delivery, monitoring and logging, customer support systems, file and data storage, and payment processing. Payment processors such as PayPal may act as independent controllers for payment data they process under their own legal and contractual responsibilities.
Customer may request reasonable information about current subprocessors by contacting Processor.
10. Assistance with Data Subject Requests
Taking into account the nature of processing, Processor shall provide reasonable assistance to Customer, insofar as possible, to help Customer respond to lawful requests from data subjects or data principals relating to Customer Data. If Processor receives a request directly relating to Customer Data, Processor may refer the request to Customer unless applicable law requires Processor to respond directly.
11. Assistance with Compliance
Taking into account the nature of processing and the information available to Processor, Processor shall provide reasonable assistance to Customer with security obligations, personal data breach notifications, data protection impact assessments where appropriate, and consultations with regulators where appropriate and reasonably required. Such assistance may be subject to reimbursement of reasonable costs unless otherwise agreed.
12. Personal Data Breach
Processor shall maintain incident-response procedures designed to identify, investigate, and respond to personal data breaches affecting Customer Data. If Processor becomes aware of a confirmed personal data breach affecting Customer Data, Processor shall notify Customer without undue delay, taking into account the information reasonably available at the time. Such notice may be phased if full details are not immediately available.
13. Return and Deletion
Upon termination of the relevant Service, Processor shall, subject to technical feasibility, retention settings, backup cycles, dispute obligations, and legal requirements, delete Customer Data or return Customer Data where return functionality is available or agreed. Processor may retain Customer Data to the extent required by applicable law, security, accounting, audit, dispute resolution, or legitimate backup processes, subject to confidentiality and restricted use.
14. Audits and Information
Processor shall make available information reasonably necessary to demonstrate compliance with this DPA. Where required by Applicable Data Protection Law, and subject to reasonable notice, confidentiality protections, scope limitations, and operational safeguards, Customer may request an audit or inspection limited to matters relevant to this DPA.
Any audit shall occur no more than once in a 12-month period unless required by law or due to a confirmed security incident, be conducted during normal business hours, avoid unreasonable disruption, protect the confidentiality of other customers and Processor's systems, and be subject to reasonable cost reimbursement where permitted.
15. International Transfers
Customer acknowledges that Processor may process Customer Data in India and other jurisdictions. Where Applicable Data Protection Law requires an approved transfer mechanism for restricted international transfers, the parties shall cooperate in good faith to implement such mechanism. For EEA transfers, the parties may enter into the European Commission's Standard Contractual Clauses where required. For UK transfers, the parties may enter into the UK International Data Transfer Agreement or the UK Addendum to the SCCs where required.
16. Liability and Precedence
This DPA is subject to the limitations and exclusions of liability set out in the main agreement, unless applicable law requires otherwise. If there is a conflict between this DPA and the main agreement on matters of data protection, this DPA controls to the extent of that conflict.
17. Annex I - Details of Processing
- Categories of Data Subjects: Customer personnel, leads, prospects, or professional contacts submitted by Customer, support contacts, and business users of the add-ins or dashboard.
- Categories of Personal Data: names, business email addresses where submitted by Customer, LinkedIn Sales Navigator lead URLs, public profile URLs, spreadsheet or workbook content submitted for processing, account and contact details, and usage and technical metadata.
- Sensitive Data: Processor does not require Customer to submit special-category or highly sensitive data for the normal operation of the Service. Customer shall not submit such data unless expressly agreed in writing.
- Nature of Processing: collection, storage, analysis, matching, retrieval, transmission, support, deletion, and related processing required to provide the Service.
- Purpose of Processing: to provide the NameToProfile Service and related support, security, and administrative functions.
18. Annex II - Security Measures
Processor's security measures may include least-privilege access principles, role-based access where appropriate, authentication and credential controls, encryption in transit, encryption at rest where supported and appropriate, access logging and monitoring, secure secrets handling, patching and dependency maintenance, backup and recovery processes, incident response procedures, and vendor and infrastructure controls.
19. Annex III - Subprocessor Categories
Processor may use subprocessors in the following categories: cloud hosting and infrastructure, authentication and identity services, email and transactional messaging, support and ticketing, monitoring and logging, file storage and delivery, and payment processors.
To request current subprocessor information, contact: info@nametoprofile.com