As Data Processing Addendum
Fri, 09 May 2025 10:28:47 GMT
Concluded on _______________________________________________________,
By and between:
Vish Vijay, , , , , India
____________________________________________________________________ ,
hereinafter referred to as "Client" or "Data Administrator",
and
Elastic Email Inc.
____________________________________________________________________ ,
hereinafter referred to as "Service Provider" or "Processing Party".
Considering that the Service Provider shall provide the Client with services that involve
Transactional and Marketing Email Services and, therefore, the Service Provider will process
the personal data collected by the Client, the Parties have concluded as follows:
§1
Statements of the Parties
1. The Data Administrator entrusts the Service Provider with processing of the
following personal data:
● Sender, recipient, and copy recipient information:
○ Email address
○ First name
○ Last name
○ Phone number
○ Address
○ Zip/Postal Code
○ City
○ State/Province
○ Country
○ Company
○ Website
● Any custom contact fields the Client created at their sole discretion to store
and merge through email communication using Elastic Email’s services.
● Any other personal data that the Client includes at their sole discretion in the
subject or body of email communications using Elastic Email’s services.
● Phone numbers used for SMS communication.
Page 1 of 8
� ● Any custom survey fields the Client created at their sole discretion to store
using Elastic Email’s services.
● Any custom merge fields the Client provided at their sole discretion to process
using Elastic Email’s services.
● All Account data provided during sign-up and use of Elastic Email’s services,
including:
○ Account and Sub-accounts Email address
○ Account and Sub-accounts First name
○ Account and Sub-accounts Last name
○ Account and Sub-accounts Phone number
○ Account and Sub-accounts Address
○ Account and Sub-accounts Zip/Postal code
○ Account and Sub-accounts City
○ Account and Sub-accounts State/Province
○ Account and Sub-accounts Country
○ Account and Sub-accounts Company
○ Account and Sub-accounts Website
○ Account and Sub-accounts Tax ID number
○ Account and Sub-accounts Sending Domains
○ Account and Sub-accounts BCC email addresses
○ Account and Sub-accounts default sender
○ Account and Sub-accounts unsubscribe notification email addresses
○ Account SMS number
○ Account system notifications email addresses
○ PayPal Email address
○ Payment First name
○ Payment Last name
○ Payment Phone number
○ Payment Address
○ Payment Zip/Postal code
○ Payment City
○ Payment State/Province
○ Payment Country
○ User Email address
○ User First name
○ User Last name
2. The Service Provider declares that it has the means to perform the processing of the
personal data entrusted to them by the Data Administrator in a proper manner,
within the scope and purpose of this Agreement.
Page 2 of 8
�3. The Service Provider shall not alter, remove, or use the personal data entrusted in any
manner other than for the provision of necessary services to the Data Administrator.
In addition, the Service Provider agrees to maintain full confidentiality in terms of the
data entrusted for the processing services.
4. The Service Provider also declares that persons engaged in processing the personal
data entrusted have been given authorization to the processing of personal data and
that they have been briefed with the legal provisions on the protection of personal
data and the responsibility for failure to do so, have undertaken to comply with them
and to safeguard the confidentiality of personal data processed and their security
details for an indefinite time.
5. The Service Provider does not intentionally collect or process any special categories of
data in the provision of its service. Under the Terms of Use, the Customer agrees not
to provide special categories of data to Elastic Email at any time. The personal data
transferred to the Service Provider for processing is controlled and determined by the
Client at its sole discretion. Therefore, the Service Provider has no control over the
sensitivity of the personal data processed through its service by the Client.
§2
Purpose, range, and processing location of the personal data entrusted
1. The Data Administrator entrusts the Service Provider with the processing of personal
data referred to in paragraph 1 of the Agreement solely in connection with the
following services:
Cloud-based management of marketing and transactional email delivery and
analysis services. The primary service is to deliver email communications on behalf of
the Client to its recipients. The content of the email communications is determined by
the Client in its sole discretion. Secondary services provided for the Client include
analytics of the email communications, SMS communications, subscriber sign-up,
and survey tools.
2. The Service Provider undertakes to process the personal data entrusted solely for the
purposes of the services provided and only insofar as is necessary to fulfill these
purposes.
3. Upon request of the Data Administrator or by the Data Subject, the Service Provider
will indicate the areas in which they process the entrusted data.
§3
Personal data processing terms
1. The Parties undertake to fulfill the obligations arising from this Agreement with the
utmost professional care in order to ensure legal, organizational and technical
Page 3 of 8
� security of the interests of the Parties in respect of the processing of the personal
data entrusted.
2. The Service Provider shall undertake to use technical and organizational measures in
order to provide security for the processing of personal data in a reasonable manner
appropriate to the risks and the category of subject matter, in particular, to secure
them from the release to unauthorized persons, seizure by an unauthorized person,
data processing in breach of the legal provisions, as well as any change, loss,
damage or destruction. Detailed security measures of Elastic Email are described in
the link below and are updated from time to time:
https://elasticemail.com/resources/usage-policies/security/
3. The Service Provider declares that the IT systems applied to the processing of data
entrusted meet the requirements of the current legislation in force.
4. The Processing Party, having regard to the nature of the processing, as far as possible,
helps the Data Administrator through appropriate technical and organizational
measures to meet the obligations to respond to the request of the Data Subject in the
exercise of their rights.
5. The Processing Party is accordingly obliged to notify the Data Administrator of any
suspected infringement or actual infringement of the protection of the personal data
- no later than within twenty-four (24) hours of the suspected violation or breach of
the protection of personal data. In the notice, the Processing Party is obliged to
indicate the incident circumstances, probable causes, and measures that have been
taken following the incident in order to minimize its adverse impact - along with the
necessary documentation. The Processing Party is required to provide the Data
Administrator with the opportunity to participate in clarifying the incident
circumstances. The Processing Party is obliged to provide all information and
explanations as well as take any actions that will allow the Personal Data
Administrator to satisfy the reporting obligation to the President of the Personal Data
Protection Office [PL: Prezes Urzędu Ochrony Danych Osobowych].
6. The Processing Party, having regard to the nature of the processing and the
information available to them, shall help the Data Administrator to meet the
obligations referred to in Articles 32 to 36 of regulation of the European Parliament
and of the EU Council 2016/679 of 27 April 2016 on the protection of individuals with
regard to the processing of personal data and on the free movement of such data
(General Data Protection Regulation).
7. Upon termination of the provision of the personal data protection-related services, the
Processing Party, in accordance with the decision of the Client shall remove or return
any personal data as well as remove all their existing backups, unless specific legal
provisions oblige them to continue to store the personal data in question.
8. The Processing Party provides the Data Administrator with all information necessary
to demonstrate that the obligations set out in this Agreement have been fulfilled and
Page 4 of 8
� allows the Data Administrator or the auditor authorized by the Data Administrator
for conducting the audits, including inspections and shall contribute to them.
9. The Processing Party is entitled to use the services of another processing entity in
order to provide services to the Data Administrator, an agreement to which is
confirmed by the Data Administrator by entering into this Agreement. The use of the
services of another data-processing entity requires the conclusion of an applicable
personal data processing agreement with this entity in order to guarantee the
implementation of the commitments of the Service Provider to the Client under this
Agreement. The Sub-processors currently engaged by the Service Provider and
authorized by the Client are listed in Annex A.
§4
Liability of the Parties
1. The Data Administrator shall bear the responsibility for compliance with the provisions
of law with respect to the processing and protection of personal data according to
the regulation of the European Parliament and of the EU Council 2016/679 of 27 April
2016 on the protection of individuals with regard to the processing of personal data
and on the free movement of such data and the repeal of Directive 95/46/EC (General
Data Protection Regulation).
2. This does not exclude the liability of the Service Provider for the processing of the
data in breach of this Agreement.
3. The Processing Party bears liability for the damage caused by processing if they have
not fulfilled the obligations imposed by this Agreement or when they have worked
outside the lawful instructions of the Data Administrator or contrary to these
instructions.
§5
Final provisions
1. Any amendment to this Agreement shall be made in writing under pain of nullity.
2. Elastic Email may propose amendments to this Agreement to reflect changes in
applicable laws, regulations, sub-processors, or business practices. Any such
amendments will be communicated in writing and made accessible for review. Your
continued use of our services after receiving written notice of the updated Agreement
will constitute acceptance of the proposed amendments, subject to the requirement
that all amendments are documented in writing as outlined in this Agreement.
3. In any case when this Agreement refers to the provisions of law, this also means other
provisions on the protection of personal data and any amendments which will enter
Page 5 of 8
� into force after the conclusion of the Agreement, as well as legal acts which will
replace the applicable laws and regulations.
4. The Agreement is drawn up in duplicate, one for each of the Parties.
5. This Personal Data Processing Agreement is in force for the duration of the provision
of personal data processing-related services for the Data Administrator.
§6
Signatures
Vish Vijay
Signature Joshua Perina, CEO
Client Service Provider
Page 6 of 8
� ANNEX A
Current List of Sub-Processors
Infrastructure Sub-Processors
Name Purpose Country
OVH The main hosting provider where the bulk of the Elastic France
Email cloud services reside. A central repository, API,
public website, reporting services, etc.
Ezzi Cloud hosting provider used for delivering our USA
Customers' email communications.
Colocation Cloud hosting provider used for delivering our USA
America Customers' email communications.
Amazon Backup cloud hosting provider for our Elastic Email web USA
application.
Google Cloud hosting provider used for document management USA
and our email addresses and groups for
elasticemail.com
Twilio Cloud communication provider used for sending our USA
profile verification SMS messages to our customers and
the provider that delivers our SMS API messages for our
Customers.
Stripe Payment gateway to collect fees from our Customers. USA
PayPal Payment gateway to collect fees from our Customers. USA
Intercom Customer messaging platform used to enhance USA
customer engagement by allowing to manage
conversations, support requests and marketing
automation workflows.
OpenAI Advanced artificial intelligence platform used to USA
enhance email campaign creation by enabling intelligent
content creation and to support the verification of email
content, ensuring compliance with quality, security, and
communication standards.
Hotjar Analytics and feedback platform used to track insights Ireland
into users' behavior and understand how users interact
with our website and application through heat maps,
session recordings, and feedback polls.
Page 7 of 8
�Google Web analytics tool used to track how Customers USA
Analytics interact with a website and platform after clicking
through from ad campaigns, email campaigns, and blog
content.
Page 8 of 8
