This Data Processing Agreement (“DPA”) supplements the LeadMethod Software as a Service Agreement (“Agreement”) between LeadMethod, Inc. and Customer (“Customer”, “you”, “your”) and is incorporated by reference into the Agreement.

1. Definitions. For the purposes of this DPA, the following terms have the meaning set out below:“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679). “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach”, and “Processing” have the same meanings as in the GDPR, and “Processed” and “Process” shall be construed in accordance with the definition of “Processing”.

Other capitalized terms used but not defined herein have the meanings set forth in the Agreement or are otherwise defined contextually within this DPA.

2. Where Customer’s Processing of Personal Data is subject to the GDPR, such as when Customer provides Customers’ potential client (“Customer’s Client”) contact information (including names, phone numbers, company name and address) (“Contact Data”) to LeadMethod’s Services, Customer acknowledges and agrees that Customer’s use of our Services may involve sending Personal Data to LeadMethod. To the extent that we Process such data as your Processor, this DPA applies, and will govern to the extent of any conflict with the Agreement.

3. To the extent that LeadMethod processes such Personal Data as your Processor, LeadMethod will:

• implement appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing or accidental loss, alteration, disclosure, destruction, or damage, including contractually binding employees, agents, and contractors to appropriate confidentiality requirements;
• notify you without undue delay of the discovery by LeadMethod of any Personal Data Breach;
• assist you by appropriate and possible technical and organizational measures, taking into account the nature of the processing and the information available to LeadMethod, to enable you to fulfill any obligations to respond to requests for the exercise of Data Subject rights under GDPR;
• assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to LeadMethod;
• upon your request, make available to you all information that is reasonably necessary to demonstrate LeadMethod’s compliance with its legal obligations as a data Processor under Article 28 of the GDPR;
• subcontract its data processing obligations under these Data Processing Terms to a sub-processor only by way of a written agreement with the sub-processors which subject those sub-processors to the equivalent obligations imposed upon LeadMethod by these Data Processing Terms; where the sub-processor fails to fulfill such obligations, LeadMethod will remain fully liable to you for the performance of that sub-processor’s obligations. LeadMethod will notify you in advance of any changes related to its sub-processor(s). If you reasonably object to such changes, you may inform LeadMethod in writing and stop using our Business Services;
• upon termination of the Agreement, cease processing and delete the Personal Data as soon as reasonably practicable; provided that LeadMethod may keep the Personal Data if LeadMethod is required to do so by applicable law, or to the extent that LeadMethod has a contractual right or obligation to use the Personal Data independent of the Agreement.

4. LeadMethod has made commitments under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks that may apply to Personal Data transferred by Customer to LeadMethod under the Agreement. Where Customer’s Contacts are in the European Union or Switzerland, and when applicable as the means to transfer Personal Data of such Customer Contacts to LeadMethod, you acknowledge that LeadMethod Privacy Shield certification applies to such data in addition to the Agreement. Follow the link below to view our EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield.