Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between MailSignal ("Processor") and the Customer ("Controller") for the provision of email tracking services, in accordance with Article 28 of the General Data Protection Regulation (GDPR).

2. Data Processing Details

Subject Matter: Email tracking and analytics services
Duration: For the term of the service agreement
Nature: Collection and analysis of email open events
Purpose: To provide email tracking notifications and analytics
Data Categories: Email addresses, IP addresses, device info, timestamps
Data Subjects: Email recipients of the Controller

3. Processor Obligations

The Processor agrees to:

Process personal data only on documented instructions from the Controller
Ensure persons processing data are bound by confidentiality
Implement appropriate technical and organizational security measures
Not engage sub-processors without prior authorization
Assist the Controller with data subject requests
Delete or return all personal data upon termination
Make available information necessary to demonstrate compliance

4. Data Location

All personal data is stored and processed within the European Union (Germany). We use Hetzner Online GmbH as our infrastructure provider, which is GDPR-compliant and ISO 27001 certified.

5. Security Measures

Encryption of data in transit (TLS 1.3)
Encryption of data at rest
Regular security assessments
Access controls and authentication
Audit logging

6. Contact

For DPA inquiries or to request a signed copy, contact us at: dpa@mailsignal.eu