Lorem ipsum dolor sit amet adipisicing elit. Sapiente fuga nisi rerum iusto intro.

Quick Links

Data Processing Agreement (DPA)

Introduction

This Data Processing Agreement (“DPA”) forms a legally binding agreement between Eggstree (“Supplier”, “we”, “us”) and any customer, user, or entity accessing or using Eggstree’s products or services (“Customer”, “you”). This DPA governs the processing of Personal Data carried out by Eggstree on behalf of the Customer under any written, electronic, or incorporated agreement (“Agreement”).

This DPA becomes effective when Eggstree processes Personal Data on behalf of the Customer in connection with the provision of its services. It is incorporated into and forms an integral part of the Agreement. In the event of any conflict between this DPA and the Agreement, the terms of this DPA shall prevail with respect to data protection matters.

Unless otherwise defined herein, capitalized terms shall have the meanings assigned to them in the Agreement.

1. Definitions

For the purposes of this DPA:

Personal Data

Any information relating to an identified or identifiable individual protected under applicable Data Protection Laws.

Processing

Any operation performed on Personal Data, including collection, storage, use, disclosure, transmission, or deletion.

Data Subject

The individual to whom Personal Data relates.

Controller

The entity that determines the purposes and means of Processing Personal Data.

Processor

The entity that processes Personal Data on behalf of a Controller.

Sub-Processor

Any third party engaged by Eggstree to process Personal Data on behalf of the Customer.

Personal Data Breach

A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

Instructions

Documented directions provided by the Customer to Eggstree regarding the Processing of Personal Data.

Data Protection Laws

Include all applicable privacy and data protection laws worldwide, including but not limited to:

- European Data Protection Laws, including GDPR, UK GDPR, and Swiss FADP

- United States Privacy Laws, including:

  • California Consumer Privacy Act as amended by CPRA (CCPA)

  • Colorado Privacy Act (CPA)

  • Virginia Consumer Data Protection Act (VCDPA)

  • Connecticut Data Privacy Act (CTDPA)

  • Utah Consumer Privacy Act (UCPA)

- Canadian Privacy Laws, including:

  • PIPEDA

  • Quebec Law 25

  • Alberta PIPA

  • British Columbia PIPA

2. Roles of the Parties

a. European Data

For Personal Data subject to European Data Protection Laws, the Customer acts as the Controller (or Processor acting on behalf of a Controller), and Eggstree acts as a Processor.

b. United States Privacy Laws

For Personal Data governed by US Privacy Laws, Eggstree acts as a Processor or Service Provider, and the Customer acts as the Controller or Business, as applicable.

c. Canadian Privacy Laws

For Personal Data governed by Canadian Privacy Laws, Eggstree processes Personal Data solely on behalf of the Customer and in accordance with Customer Instructions.

3. Customer Responsibilities

The Customer is solely responsible for compliance with all applicable Data Protection Laws. This includes:

- Ensuring Personal Data is lawfully collected and accurate

- Providing required notices and obtaining valid consents

- Ensuring lawful transfer of Personal Data to Eggstree

- Confirming that all Instructions are lawful and compliant

- Securing access credentials and safeguarding Personal Data transmitted to and from Eggstree’s systems

The Customer acknowledges that Eggstree does not independently verify the legality of Personal Data provided.

4. Eggstree Responsibilities

a. Process Data Only on Instructions

Process Personal Data solely in accordance with the Agreement, this DPA, and documented Customer Instructions, unless otherwise required by law.

b. Confidentiality

Ensure that all personnel authorized to process Personal Data are subject to confidentiality obligations.

c. Security Measures

Implement appropriate technical and organizational measures to protect Personal Data, as detailed in Attachment 2.

d. Legal Compliance Notification

Notify the Customer if Eggstree is legally required to process Personal Data in a manner that conflicts with Customer Instructions, where permitted by law.

e. Personal Data Breaches

Notify the Customer without undue delay upon becoming aware of a Personal Data Breach and cooperate in remediation and notification efforts.

f. Data Return or Deletion

Upon termination of services, delete or return all Personal Data unless retention is required by law.

g. Audit & Compliance Support

Provide reasonable information necessary to demonstrate compliance, subject to confidentiality and audit limitations.

5. Data Subject Requests

Eggstree will assist the Customer in responding to Data Subject requests as required by law. Requests received directly by Eggstree will be redirected to the Customer where appropriate.

6. Sub-Processors

The Customer authorizes Eggstree to engage Sub-Processors. Eggstree shall:

- Enter into written agreements with Sub-Processors

- Ensure equivalent data protection safeguards

- Remain fully responsible for Sub-Processor compliance

7. International Data Transfers

Eggstree may process Personal Data globally. Transfers of European Personal Data to Third Countries shall be governed by:

- Standard Contractual Clauses (EU 2021/914)

- UK International Data Transfer Addendum

- Other lawful transfer mechanisms recognized under applicable law

In case of conflict, SCCs shall prevail.

8. California Personal Information

Where Eggstree processes California Personal Information:

- Eggstree acts as a Service Provider or Third Party, as applicable

- Personal Data is processed only for permitted business purposes

- Eggstree does not sell or share Personal Data

- Security safeguards consistent with CCPA requirements are applied

- Customer requests and regulatory notices are handled promptly

9. Amendments and Termination

Eggstree may update this DPA with thirty (30) days’ notice. If changes materially impact Customer rights, the Customer may object prior to the effective date.

10. Governing Law

This DPA shall be governed by the governing law specified in the Agreement, unless otherwise required by applicable Data Protection Laws.

11. Contact Us

For privacy-related inquiries, contact: [email protected]


Replace assumptions with accurate tracking across campaigns, partners, and channels. Get a clear view of what works, what doesn’t, and where to scale next—with one reliable tracking platform.

Get Started