Data Processing Addendum (DPA)
Last updated: June 2026
This summary DPA applies to customers who process personal data obtained through Plug2Data. A signed copy is available on request at privacy@plug2data.com. It forms part of our Terms of Service.
1. Roles
For the B2B contact data we provide, Plug2Data and the customer each act as an independent data controller for their respective processing. For data the customer uploads into our platform for us to process on their behalf, Plug2Data acts as a processor on the customer's documented instructions.
2. Customer obligations
Use the data only for lawful B2B purposes and on a valid legal basis; provide the transparency information your outreach requires; honour opt-out, unsubscribe and do-not-contact requests; and regularly reconcile against our suppression list (available via the API / on request), removing any individual we have suppressed unless you hold an independent lawful basis.
3. Security, sub-processors & transfers
We apply appropriate technical and organisational measures, use the sub-processors listed in our Privacy Policy under data-processing agreements, and rely on Standard Contractual Clauses (and the UK Addendum) for transfers outside the EEA/UK.
4. Assistance & breach notification
We assist with data-subject requests and security-incident obligations as required by Art. 28 GDPR, and notify the customer without undue delay of any personal-data breach affecting data we process on their behalf.