Data Processing Agreement (DPA)

This is Scale Amplify's standard Data Processing Agreement template, provided for transparency and applicable where incorporated into a signed services agreement.

Between:

Scale Amplify ("Processor", "Agency", "we", "us")

and

The Client ("Controller", "you")

Preamble:

This Data Processing Agreement ("DPA") forms part of and is incorporated into the Lead Revival Services Agreement and governs the processing of Personal Data by Scale Amplify on behalf of the Client in accordance with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR").

1. Roles of the Parties

1.1

The Client is the Data Controller and determines the purposes and means of processing Personal Data.

1.2

Scale Amplify acts as a Data Processor and processes Personal Data solely on documented instructions from the Client and for the purpose of providing the Lead Revival Services.

2. Scope of Processing

2.1

Categories of Data Subjects: Prospects, leads, and business contacts contained in the Client's CRM or lead databases.

2.2

Categories of Personal Data:

  • Business contact information (name, email, company, job title, phone where applicable)
  • Firmographic and professional profile data
  • Communication-related metadata necessary for service delivery
2.3

Purpose of Processing: To deliver lead revival, segmentation, outreach orchestration, and qualified meeting delivery services as contractually agreed. Processing expressly excludes:

  • Use of Personal Data for Scale Amplify's independent marketing
  • Sale, resale, or enrichment of Client data
  • Cross-client data reuse
2.4

Duration of Processing: For the term of the Lead Revival Services Agreement and any legally required retention period, after which Personal Data shall be returned or securely deleted.

3. Processing Instructions

Scale Amplify shall:

  • Process Personal Data only on documented instructions from the Client
  • Not use Personal Data for any purpose other than service delivery
  • Not disclose Personal Data to third parties without written authorisation, except as required to perform the Services or by law

4. Confidentiality

Scale Amplify shall ensure that:

  • All persons authorised to process Personal Data are bound by confidentiality obligations
  • Access to Personal Data is limited to personnel who require it for service delivery

5. Data Security & Safeguards

Scale Amplify shall implement appropriate technical and organisational measures to protect Personal Data, including:

  • Role-based access control
  • Secure storage environments
  • Logical separation of Client data
  • Protection against unauthorised access, disclosure, or misuse
  • Secure return or deletion of Personal Data upon contract termination

These measures are designed to ensure a level of security appropriate to the risk.

6. Sub-Processing

6.1

Scale Amplify may engage sub-processors solely for infrastructure and operational support, subject to:

  • Equivalent confidentiality and data protection obligations
  • Use limited to service delivery purposes
  • No disclosure of Scale Amplify's proprietary systems, execution logic, or methodology
6.2

Scale Amplify remains responsible for the performance of any authorised sub-processor in accordance with this DPA.

7. Data Subject Rights

Scale Amplify shall assist the Client, to the extent required by applicable law, in responding to data subject requests relating to:

Access, Rectification, Erasure, Restriction, Objection, and Data portability.

8. Personal Data Breach

In the event of a confirmed Personal Data Breach affecting Client data, Scale Amplify shall:

  • Notify the Client without undue delay
  • Provide reasonable information regarding the nature and scope of the breach
  • Cooperate in remediation and regulatory response actions

All obligations under this clause are subject to the liability limitations set out in the Lead Revival Services Agreement.

9. Data Return & Deletion

Upon termination of the Lead Revival Services Agreement, Scale Amplify shall, at the Client's option:

  • Return all Client-provided Personal Data; or
  • Securely delete such Personal Data and confirm deletion

This obligation does not extend to Scale Amplify's proprietary methodology or internal operational artefacts.

10. Audit & Compliance

Scale Amplify shall make available reasonable information necessary to demonstrate compliance with this DPA, subject to confidentiality, security, and intellectual property protections.

11. International Transfers

Where Personal Data is transferred across borders, Scale Amplify shall ensure appropriate safeguards in accordance with applicable data protection laws.

12. Governing Terms & Liability

This DPA is governed by and subject to the liability, governing law, and dispute resolution provisions of the Lead Revival Services Agreement. In the event of conflict, this DPA shall prevail solely in respect of data protection obligations.

13. Contact for Data Protection Matters

For any questions relating to this DPA or Scale Amplify's data protection practices, please contact:

Scale Amplify

Email: legal@scaleamplify.com

Address: D-25, Jangpura Extension, New Delhi 110014, India