Data Processing Agreement (DPA)
Last Updated: March 16, 2026
Data Processing Agreement
This Data Processing Agreement ("DPA") reflects the parties' agreement with respect to the Processing of Personal Data by Brainito on behalf of the Client.
Roles & Responsibilities
The Client is the Data Controller. Brainito is the Data Processor. Brainito will process Personal Data only on the Client's documented instructions.
Details of Processing
- Subject-matter: Marketing services as described in the main agreement.
- Duration: Until the termination of the main agreement.
- Nature and Purpose: To provide marketing, consulting, and related services.
- Categories of Data: As described in the Privacy Policy (e.g., Contact, Identity, Usage Data).
Processor Obligations
Brainito will:
- Implement appropriate technical and organizational security measures.
- Ensure personnel are subject to confidentiality obligations.
- Assist the Client in responding to data subject requests.
- Notify the Client of any suspected data breach without undue delay.
Sub-processors
The Client authorizes Brainito to engage sub-processors (third-party tools) to deliver the services. A current list includes Google, Meta, LinkedIn, and CRM/email marketing platforms. Brainito will notify the Client of any changes to sub-processors.
Data Transfer Mechanisms
For transfers of personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, Brainito will rely on Standard Contractual Clauses (SCCs) as an appropriate safeguard.
Security Breach Procedures
Upon becoming aware of a data breach, Brainito will notify the Client without undue delay and provide reasonable information to help the Client meet its breach notification obligations.
Ready to Unlock Your Growth Strategy?
Join thousands of businesses that have already unlocked
their growth potential with Brainito.