Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the agreement between FusionByte Media LLC (“Processor” or “FusionByte”) and the customer, client, or buyer (“Controller”) governing the processing of Personal Data in connection with FusionByte services.
This DPA applies where FusionByte processes Personal Data on behalf of Controller under applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”), UK GDPR, and similar laws.
Capitalized terms not defined herein shall have the meaning set forth in the main agreement.
1. Definitions
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data.
“Controller” determines the purposes and means of processing.
“Processor” processes Personal Data on behalf of the Controller.
“Data Subject” means the individual to whom the Personal Data relates.
“Subprocessor” means a third party engaged by Processor to process Personal Data.
2. Scope and Roles
Controller is the data controller. FusionByte acts as a data processor unless otherwise specified in a written agreement.
Controller determines the lawful basis and instructions for processing. FusionByte processes Personal Data solely to provide contracted Services.
3. Description of Processing
Subject Matter: Marketing leads, business communications, analytics, hosting, CRM operations
Duration: For the term of the services and any legally required retention period
Nature: Collection, storage, transmission, validation, reporting
Categories of Data Subjects: Consumers, business contacts, website visitors
Types of Personal Data: Name, contact details, IP address, consent metadata, device information, campaign data
Special Categories: Not intentionally processed
4. Processor Obligations
FusionByte shall:
Process Personal Data only on documented instructions from Controller
Maintain confidentiality obligations for personnel
Implement appropriate technical and organizational safeguards
Assist Controller with Data Subject requests where applicable
Notify Controller of any Personal Data breach without undue delay
Delete or return Personal Data upon termination unless legally required
Make information available to demonstrate compliance
5. Controller Obligations
Controller shall:
Ensure lawful basis for processing and consent
Provide lawful instructions
Ensure compliance with all applicable data protection laws
Maintain privacy notices and disclosures
Respond to Data Subject requests
Ensure downstream compliance
6. Subprocessors
Controller authorizes FusionByte to engage subprocessors for hosting, analytics, communications, security, and infrastructure.
FusionByte shall ensure subprocessors are bound by written data protection obligations consistent with this DPA.
FusionByte may update subprocessors without prior notice.
7. International Transfers
Personal Data may be processed outside the originating jurisdiction. Where required, appropriate safeguards shall be applied.
8. Security Measures
FusionByte maintains reasonable safeguards including:
Access controls
Network security
Encryption where appropriate
Monitoring and logging
Incident response procedures
9. Data Breach Notification
FusionByte shall notify Controller without undue delay after becoming aware of a Personal Data breach.
10. Audits
Controller may audit FusionByte upon reasonable notice and subject to confidentiality and operational safeguards.
11. Liability and Indemnification
Each party remains responsible for its own violations of data protection law. Liability limitations in the main agreement apply.
12. Termination and Data Return
Upon termination, Personal Data shall be deleted or returned unless legally required to retain.
13. Governing Law
This DPA shall be governed by the same law as the main agreement.
14. Order of Precedence
In case of conflict, this DPA controls with respect to data protection obligations.