This Data Processing Agreement ("DPA") forms part of the agreement between ClickDotEmail ("Processor", "we", "our", or "us") and the customer using ClickDotEmail services ("Controller", "Customer", or "you").

This DPA applies where ClickDotEmail processes Personal Data on behalf of a Customer subject to applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), UK GDPR, and other applicable privacy laws.

# 1. Roles of the Parties

The Customer is the Data Controller and determines:

* The purposes for which Personal Data is processed.
* The lawful basis for processing Personal Data.
* The categories of Personal Data uploaded to the platform.
* The recipients to whom communications are sent.

For Customer Data processed on behalf of Customers, ClickDotEmail generally acts as a Data Processor and processes Personal Data only as necessary to provide email delivery and related services.

ClickDotEmail does not determine:

* How recipient data is collected.
* The source of recipient email addresses.
* Whether consent has been obtained.
* The Customer's lawful basis for processing Personal Data.

The Customer remains solely responsible for ensuring compliance with all applicable privacy and marketing laws.

# 2. Customer Responsibilities

The Customer represents and warrants that:

* It has all necessary rights and permissions to process Personal Data.
* It has a lawful basis for processing recipient information.
* Any marketing communications comply with applicable laws and regulations.
* Recipient information has not been obtained through purchased, rented, harvested, scraped, appended, or otherwise unauthorized sources.
* It can provide evidence of consent or lawful basis upon request.

The Customer acknowledges that ClickDotEmail may request information regarding the source and legality of recipient data when complaints are received.

Failure to provide such information may result in account suspension or termination.

# 3. Nature and Purpose of Processing

ClickDotEmail processes Personal Data solely for the purpose of:

* Delivering email communications.
* Managing mailing lists and suppression lists.
* Processing unsubscribe requests.
* Generating delivery and engagement reports.
* Providing customer support.
* Monitoring abuse, fraud, spam, and platform security.

# 4. Categories of Personal Data

Depending on Customer usage, Personal Data processed may include:

* Email addresses.
* Names.
* Company names.
* IP addresses.
* Device and browser information.
* Email engagement data.
* Suppression and unsubscribe records.
* Campaign activity logs.

The Customer is responsible for determining what Personal Data is uploaded to the platform.

# 5. Data Subject Requests

Where ClickDotEmail receives a request relating to Personal Data controlled by a Customer, ClickDotEmail may:

* Notify the Customer of the request.
* Refer the request to the Customer for response.

Because the Customer determines the purposes and lawful basis of processing, the Customer is responsible for responding to requests regarding:

* Consent.
* Lawful basis.
* Data collection practices.
* Retention decisions.
* Marketing permissions.

ClickDotEmail may reasonably assist the Customer in responding to such requests where required by applicable law.

# 6. International Data Transfers

The Customer acknowledges that Personal Data may be processed in countries where ClickDotEmail, its infrastructure providers, or authorized subprocessors operate.

Where required by applicable law, ClickDotEmail will implement appropriate safeguards for international data transfers.

# 7. Security Measures

ClickDotEmail maintains administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

These measures may include:

* Encrypted data transmission.
* Access controls.
* Authentication controls.
* Firewalls.
* Security monitoring.
* Backup systems.
* Abuse detection systems.

# 8. Data Retention

Customer account and campaign data may be retained for operational, legal, security, compliance, and abuse-prevention purposes.

ClickDotEmail may delete campaign and related data after applicable retention periods.

Suppression records may be retained for the purpose of preventing future mailings to recipients who have opted out or requested removal.

# 9. Spam and Abuse Complaints

ClickDotEmail operates a zero-tolerance spam policy.

Where a complaint is received, ClickDotEmail may require the Customer to provide information regarding:

* The source of the recipient data.
* Evidence of consent.
* Evidence of a pre-existing business relationship.
* The lawful basis relied upon for processing.

Failure to provide requested information may result in suspension or termination of services.

# 10. Subprocessors

ClickDotEmail may engage subprocessors to provide infrastructure, hosting, delivery, analytics, security, support, or related services. Examples of such providers may include cloud hosting providers such as Amazon Web Services (AWS), email infrastructure providers, analytics providers, and customer support tools.

ClickDotEmail remains responsible for ensuring that subprocessors are subject to appropriate confidentiality and data protection obligations.

## 11. Confidentiality

ClickDotEmail personnel with access to Personal Data are subject to confidentiality obligations and may access Personal Data only as necessary to provide services or support.

# 12. Deletion and Return of Data

Upon termination of services, ClickDotEmail may delete Customer data in accordance with its retention policies.

Certain records may be retained where necessary for:

* Security purposes.
* Fraud prevention.
* Legal compliance.
* Abuse prevention.
* Maintenance of suppression lists.

# 13. Limitation of Responsibility

ClickDotEmail provides the technical infrastructure used to transmit communications.

The Customer remains solely responsible for:

* The collection of recipient data.
* The accuracy of recipient data.
* The legality of processing.
* Compliance with anti-spam laws.
* Compliance with privacy and data protection laws.
* Responses to data subject inquiries relating to the Customer's processing activities.

# 14. Contact Information

Privacy and Data Protection Requests:

[privacy@clickdotemail.com](mailto:privacy@clickdotemail.com)

Abuse and Spam Complaints:

[abuse@clickdotemail.com](mailto:abuse@clickdotemail.com)

ClickDotEmail
USA: 3505 Tenmile, Fleming Island, Florida 32003, USA

INDIA: 04 Himalaya CHS, Ambernath, Thane 421501, Maharashtra, India