Data Processing Addendum (DPA)
Business clients whose use of Brimky involves processing personal data of EU / UK residents (under GDPR / UK GDPR) or California residents (where Brimkyacts as a “service provider” under CCPA / CPRA) can request a Data Processing Addendum to govern that processing relationship.
What the DPA covers
- Client as controller / business; Brimky as processor / service provider
- Documented processing instructions
- Confidentiality of processing staff
- Security measures (technical and organizational)
- Subprocessor list, authorization, and onward-flow obligations
- Personal-data-breach notification timing and content
- Assistance with data-subject requests and DPIAs
- Deletion / return of personal data at end of services
- Audit rights and information requests
- International data transfers (Standard Contractual Clauses and/or UK IDTA where applicable)
- Restricted categories of data and prohibited uses
- Statement that we do not sell or share personal data for cross-context behavioral advertising
How to request the DPA
Email [email protected] from the email address associated with your account. Include:
- Your legal company name
- Account email / order ID
- Country of establishment and the law you want the DPA to apply (GDPR, UK GDPR, CCPA, or all)
- Whether you require a signed copy or are accepting our standard pre-signed DPA
We’ll return a countersigned DPA within a reasonable timeframe. Once executed, the DPA forms part of your Terms of Service for the data it covers.
Customers without a DPA
Customers that do not have a signed DPA are still subject to our Privacy Policy, the privacy-related sections of the Terms of Service, and the CMS Submission Policy (which prohibits submitting sensitive categories of personal data through the Services unless we have expressly agreed). For most Client use-cases — standard contact forms, marketing pages, non-sensitive lead capture — that baseline is sufficient.