Data Processing Agreement

Effective Date: 8th of July 2025

This Data Processing Agreement (“DPA”) supplements the Terms of Service and governs the processing of personal data by Malka Solutions LLC (“Processor”) on behalf of Customer (“Controller”).

1. Definitions

Terms used in this DPA have the meanings set forth in the GDPR and other applicable data protection laws.

2. Data Processing Details

2.1 Categories of Data Subjects
  • Customer’s employees and authorized users
  • Customer’s business contacts and leads
  • Trade show attendees and prospects
2.2 Categories of Personal Data
  • Contact information (names, email addresses, phone numbers)
  • Professional information (job titles, company names)
  • Communication content and preferences
  • Voice recordings and transcriptions
  • CRM and sales data
2.3 Purpose of Processing
  • Providing lead management and automation services
  • Customer relationship management
  • Communication facilitation
  • Analytics and reporting

3. Processor Obligations

3.1 Processing Instructions

Processor will process personal data only on documented instructions from Controller, including transfers to third countries.

3.2 Confidentiality

Processor ensures that persons authorized to process personal data are committed to confidentiality.

3.3 Security Measures

Processor implements appropriate technical and organizational measures to ensure data security, including:

  • Encryption of personal data
  • Ongoing confidentiality, integrity, and availability of processing systems
  • Regular testing and evaluation of security measures
  • Incident response procedures
3.4 Sub-processing

Processor may engage sub-processors with Controller’s consent. Current sub-processors include:

  • Google Cloud Platform (data storage)
  • Stripe (payment processing)
  • Google Services (productivity and analytics)

4. Data Subject Rights

4.1 Assistance

Processor will assist Controller in responding to data subject requests for:

  • Access to personal data
  • Rectification or erasure
  • Restriction of processing
  • Data portability
4.2 Technical and Organizational Measures

Processor will implement measures to facilitate Controller’s compliance with data subject rights.

5. Data Breach Notification

Processor will notify Controller without undue delay after becoming aware of a personal data breach affecting Controller’s data.

6. Data Protection Impact Assessment

Processor will provide reasonable assistance for any data protection impact assessments required by applicable law.

7. Data Retention and Deletion

7.1 Retention

Personal data will be retained only as long as necessary for the purposes outlined in this DPA.

7.2 Deletion

Upon termination of services or Controller’s request, Processor will delete or return all personal data unless required to retain data by applicable law.

8. Audits and Compliance

8.1 Audit Rights

Controller may conduct audits of Processor’s compliance with this DPA, subject to reasonable notice and confidentiality requirements.

8.2 Compliance Documentation

Processor will maintain records demonstrating compliance with data protection obligations.

9. Liability and Indemnification

Each party’s liability is limited as set forth in the Terms of Service. Each party will indemnify the other for damages arising from its breach of data protection obligations.

10. Governing Law

This DPA is governed by the same law as the Terms of Service and applicable data protection regulations.