Data Processing Agreement

Effective Date: January 31, 2025

1. Definitions

• "Controller" means the client who determines the purposes and means of processing personal data
• "Processor" means Visionary Marketing Services™ LLC, processing personal data on behalf of the Controller
• "Personal Data" has the meaning set forth in applicable data protection laws
• "Processing" has the meaning set forth in applicable data protection laws

2. Scope and Application

This DPA applies when Visionary Marketing Services™ LLC processes personal data on behalf of clients in connection with our marketing services, including but not limited to:

• Email marketing campaigns
• Customer relationship management
• Analytics and reporting
• Content creation involving personal data
• Social media management

3. Data Processing Details

4. Processor Obligations

Visionary Marketing Services™ LLC agrees to:

• Process personal data only on documented instructions from the Controller
• Ensure confidentiality of personal data
• Implement appropriate technical and organizational security measures
• Assist the Controller in responding to data subject requests
• Notify the Controller of any personal data breaches without undue delay
• Delete or return personal data upon termination of services
• Maintain records of processing activities

5. Security Measures

We implement the following security measures:

6. Sub-processors

We may engage the following categories of sub-processors:

• Cloud hosting providers (Microsoft Azure, Google Cloud)
• Email service providers (Mailchimp, ConvertKit)
• Analytics platforms (Google Analytics)
• CRM systems

We will notify clients of any changes to sub-processors and provide an opportunity to object to such changes.

7. Data Subject Rights

We will assist clients in fulfilling data subject requests, including:

• Access to personal data
• Rectification of inaccurate data
• Erasure of personal data
• Restriction of processing
• Data portability
• Objection to processing

8. Data Breach Notification

In the event of a personal data breach, we will notify the client without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include:

• Description of the nature of the breach
• Categories and approximate number of data subjects affected
• Likely consequences of the breach
• Measures taken or proposed to address the breach

9. International Transfers

If personal data is transferred outside the client's jurisdiction, we will ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses
• Adequacy decisions
• Binding Corporate Rules
• Explicit consent where required

10. Audit and Compliance

We will make available to the client all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the client or another auditor mandated by the client.

11. Liability and Indemnification

Each party's liability under this DPA is subject to the limitation of liability provisions in the main service agreement. We will indemnify clients against claims arising from our breach of this DPA.

12. Term and Termination

This DPA will remain in effect for the duration of the service agreement. Upon termination, we will delete or return all personal data to the client, unless retention is required by law.

Contact Information

For questions about this DPA, please contact:

This Data Processing Agreement was last updated on January 31, 2025.