Home About Services Industries How It Works Contact Get a Free Quote
Legal

Data Processing Agreement

How we process and protect personal data on behalf of our clients.

Last updated: April 27, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the service agreement between Reedy 360 Leads ("Processor," "we," "our") and the Client ("Controller," "you," "your") who engages our lead research services. This DPA sets out the terms under which we process personal data on your behalf and ensures compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDP Act), and other relevant legislation.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, job titles, and company affiliations
  • Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction
  • Controller: The Client who determines the purposes and means of processing personal data (i.e., you)
  • Processor: Reedy 360 Leads, which processes personal data on behalf of the Controller
  • Sub-processor: Any third party engaged by the Processor to assist in processing personal data
  • Data Subject: The individual whose personal data is being processed

3. Scope of Processing

We process personal data solely for the purpose of delivering the lead research services you have engaged us to perform. The categories of personal data we process include: full names, job titles, business email addresses, business phone numbers, company names, company websites, LinkedIn profile URLs, company size, industry classification, and geographic location. All data is B2B professional contact information sourced from publicly available channels.

4. Our Obligations as Processor

As the Processor of your data, we commit to the following obligations:

  • Process personal data only on your documented instructions and solely for the purpose of delivering the agreed services
  • Ensure that all personnel authorized to process personal data have committed to confidentiality obligations
  • Implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, destruction, or damage
  • Not engage any sub-processor without your prior written consent
  • Assist you in responding to data subject access requests, rectification requests, erasure requests, and other rights under applicable data protection laws
  • Notify you without undue delay (and in any event within 72 hours) upon becoming aware of a personal data breach
  • Delete or return all personal data to you upon termination of the service agreement, unless retention is required by law
  • Make available to you all information necessary to demonstrate compliance with this DPA

5. Your Obligations as Controller

As the Controller, you are responsible for:

  • Ensuring that your use of our services and the personal data we deliver complies with all applicable data protection laws
  • Providing lawful instructions for the processing of personal data
  • Ensuring that any outreach conducted using the delivered lead data complies with applicable anti-spam and electronic communications laws (including CAN-SPAM, GDPR, and PECR)
  • Maintaining appropriate records of processing activities as required by law

6. Security Measures

We implement the following technical and organizational measures to protect personal data:

  • SSL/TLS encryption for all data in transit
  • Encryption at rest for all stored data
  • Access controls limiting data access to authorized research personnel only
  • Regular security audits and vulnerability assessments
  • Employee training on data protection and security best practices
  • Secure deletion of working files within 30 days of project delivery
  • Password-protected file delivery for all client deliverables

7. Sub-processors

We currently use the following categories of sub-processors to assist in delivering our services:

  • Cloud hosting providers: For secure data storage and processing infrastructure
  • Email verification services: For validating email deliverability
  • Communication tools: For secure client communication

We will notify you before engaging any new sub-processor and provide you with the opportunity to object. If you object to a new sub-processor on reasonable data protection grounds, we will work with you to find an alternative solution.

8. Data Transfers

If personal data is transferred outside of the European Economic Area (EEA) or the jurisdiction of the Controller, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

9. Data Subject Rights

We will assist you in fulfilling your obligations to respond to data subject requests, including requests for access, rectification, erasure, restriction of processing, data portability, and objection to processing. If we receive a request directly from a data subject, we will promptly notify you and will not respond to the request without your instructions, unless legally required to do so.

10. Data Breach Notification

In the event of a personal data breach, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences of the breach, and the measures taken or proposed to address the breach and mitigate its effects.

11. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes of processing. Upon completion of a project, we retain working files for 30 days for quality assurance purposes. After 30 days, all working files and copies of personal data are permanently deleted from our systems. You may request immediate deletion of working files upon delivery. We will provide written confirmation of deletion upon request.

12. Audit Rights

You have the right to audit our compliance with this DPA. We will make available all information reasonably necessary to demonstrate compliance and will allow for and contribute to audits and inspections conducted by you or an auditor mandated by you. Audits shall be conducted with reasonable notice (at least 14 days) and during normal business hours.

13. Term and Termination

This DPA shall remain in effect for the duration of our service agreement. Upon termination of the service agreement, we will delete or return all personal data as described in Section 11. The obligations of confidentiality and data protection under this DPA shall survive termination.

14. Governing Law

This DPA shall be governed by and construed in accordance with the laws of India. For clients based in the European Union, the provisions of the GDPR shall apply to the extent they provide additional protections.

15. Contact Us

For any questions or concerns regarding this Data Processing Agreement, please contact us:

  • Email: legal@reedy360leads.site
  • Phone: +91 8736956378
  • Address: 3rd Floor, Fusion Towers 36, 14-2, Donepudi Dharmarao Rd, Opp. Siddhartha Public School, Vijayawada, Andhra Pradesh 520010, India