Data Processing Agreement (DPA)
A contract between you and any vendor that processes personal data on your behalf.
A Data Processing Agreement (DPA, also called a Data Processing Addendum) is required under GDPR Article 28 whenever an external vendor processes personal data on your behalf. Examples: your email service provider (Klaviyo, Mailchimp), your analytics tool, your short-link service, your CRM.
Typical DPA contents: which data is processed, for what purpose, for how long, what technical and organizational safeguards are in place, and what happens in case of a data breach. CCPA has analogous 'service provider' contract requirements for California residents.
On promolinks.net Pro customers can download a ready-to-sign DPA from the dashboard. Data is hosted in EU data centers for GDPR customers and US data centers for US-based customers.
Related terms
What you should know next
GDPR
The EU's General Data Protection Regulation — in force since May 2018, with global reach.
IP Anonymization
Truncating the last octet of an IP address or hashing it — strips its status as personal data.
EU Data Hosting
Servers physically located in the EU — important for GDPR-sensitive customers and avoiding US transfer risk.
Start now — the free plan is free forever
Short links, QR codes, bio page and digital business card — all in one tool. GDPR-compliant, EU hosting.