This DPA applies when Marmalaide processes Personal Data on behalf of a customer
(“Customer”) as part of the Services.
1. Roles
- Customer is the Controller (or Business) of Personal Data submitted to the Services.
- Marmalaide is the Processor (or Service Provider) processing such data to provide the
Services.
2. Processing details
- Subject matter: producing marketing deliverables and providing support.
- Duration: term of the Services plus retention period described in the Privacy Policy.
- Nature/purpose: hosting, processing, editing, generating, and delivering content; support;
security. - Categories of data subjects: Customer’s employees, contractors, and end customers (as
applicable). - Types of personal data: may include contact details and any personal data embedded in
Customer Content.
3. Processor obligations
Marmalaide will:
- Process Personal Data only on documented instructions from Customer.
- Implement appropriate technical and organizational security measures.
- Ensure personnel confidentiality obligations.
- Notify Customer of a personal data breach without undue delay after becoming aware.
- Assist Customer with reasonable requests for data subject rights (to the extent applicable
and feasible). - Delete or return Personal Data upon termination, subject to legal retention and backup
limitations.
4. Subprocessors
Customer authorizes Marmalaide to engage subprocessors for hosting, analytics,
communications, and production tooling. A current list of subprocessors will be provided
upon written request. Marmalaide will impose data protection obligations on subprocessors
consistent with this DPA.
5. International transfers
Where required, Marmalaide will use appropriate transfer mechanisms (e.g., SCCs) for
cross-border transfers.
6. Audits
Upon reasonable notice, Customer may request documentation to verify compliance, and/or
conduct an audit subject to confidentiality and reasonable limitations.
7. Security
Marmalaide maintains a security program designed to protect Personal Data against
unauthorized access, loss, or disclosure.
8. Conflict
If this DPA conflicts with the Terms, this DPA governs with respect to Personal Data
processing.
