Data Processing Agreement
Last updated May 1, 2026. This Data Processing Agreement ("DPA") forms part of the agreement between IGENPAXY and the Customer for the provision of marketing services. It applies where IGENPAXY processes Personal Data on behalf of the Customer subject to the GDPR, UK GDPR, or comparable laws.
1. Definitions
Capitalized terms not defined here have the meanings given in the GDPR. 'Customer' means the entity contracting with IGENPAXY for services. 'Personal Data' means any information relating to an identified or identifiable natural person.
2. Scope and roles
Customer is the Controller and IGENPAXY is the Processor with respect to Personal Data processed under the services agreement. Each party will comply with applicable data protection laws.
3. Processing instructions
IGENPAXY will process Personal Data only on documented instructions from Customer, including with regard to international transfers, unless required by law.
4. Confidentiality and personnel
IGENPAXY ensures personnel authorized to process Personal Data are bound by confidentiality obligations and trained on data protection.
5. Security
IGENPAXY implements appropriate technical and organizational measures to protect Personal Data, including encryption in transit and at rest, access controls, secure software development practices, and incident response procedures.
6. Sub-processors
Customer authorizes IGENPAXY to engage sub-processors as necessary to provide the services. A current list is maintained at igenpaxy.com/legal/dpa#subprocessors. IGENPAXY will provide notice of new sub-processors and an opportunity to object.
7. Data subject rights
IGENPAXY will provide reasonable assistance to Customer in responding to data subject requests, taking into account the nature of processing and the information available.
8. Breach notification
IGENPAXY will notify Customer without undue delay after becoming aware of a Personal Data breach and provide information reasonably required to comply with notification obligations.
9. International transfers
Where Personal Data is transferred outside the EEA, UK, or Switzerland, the parties agree to rely on Standard Contractual Clauses or other adequate transfer mechanisms.
10. Audits
IGENPAXY will make available information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by Customer or its mandated auditor, subject to reasonable notice and confidentiality obligations.
11. Deletion
Upon termination of services, IGENPAXY will delete or return Personal Data to Customer, subject to legal retention requirements.
12. Contact
Questions about this DPA: privacy@igenpaxy.com.