Data Processing Addendum
This Data Processing Addendum (“DPA”) forms part of the agreement between E&EL Global Inc., a company incorporated in the State of Delaware, USA (Registration No. 10241883; Tax ID 39-2947497) (“Processor”, “we”), and the Customer (“Controller”, “you”) for the use of the DealScope Service (the “Agreement”). It applies where, and to the extent that, we process Personal Data on your behalf that is subject to Data Protection Laws (including the EU GDPR, the UK GDPR, and applicable U.S. state privacy laws).
1. Definitions
“Personal Data”, “processing”, “controller”, “processor”, “data subject”, and “personal data breach” have the meanings given in the GDPR. “Data Protection Laws” means all laws relating to data protection and privacy applicable to the processing of Personal Data under the Agreement. “Customer Personal Data” means Personal Data within the Customer Content that we process on your behalf. “Sub-processor” means a third party engaged by us to process Customer Personal Data.
2. Roles & scope
For Customer Personal Data, you act as the controller (or processor on behalf of another controller) and we act as your processor (or sub-processor). We process Customer Personal Data only to provide the Service and only on your documented instructions, including as set out in the Agreement, this DPA, and your configuration and use of the Service. We will notify you if, in our opinion, an instruction infringes Data Protection Laws (without obligation to provide legal advice).
3. Our obligations as processor
- Instructions. Process Customer Personal Data only on your documented instructions, unless required by law (in which case we will inform you unless legally prohibited).
- Confidentiality. Ensure personnel authorized to process Customer Personal Data are bound by confidentiality obligations.
- Security. Implement and maintain the technical and organizational measures described in Annex II.
- Sub-processors. Engage Sub-processors only as permitted in Section 4.
- Data subject requests. Taking into account the nature of the processing, assist you by appropriate measures, insofar as possible, to respond to data-subject requests under Data Protection Laws. The Service also lets you access, correct, export, and delete Customer Content directly.
- Assistance. Assist you, taking into account the nature of processing and the information available to us, with your obligations relating to security, breach notification, data-protection impact assessments, and prior consultation.
- Breach notification. Notify you without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and provide information reasonably available to us to help you meet your notification obligations.
4. Sub-processors
You provide general authorization for us to engage the Sub-processors listed at ghoststream.exact-it.net/subprocessors. We impose data-protection obligations on each Sub-processor that are no less protective than those in this DPA, and we remain responsible for their performance. We will give notice (via the sub-processor page subscription) before adding or replacing a Sub-processor, and you may object on reasonable data-protection grounds; if we cannot reasonably accommodate the objection, you may terminate the affected part of the Service.
5. International transfers
We and our Sub-processors may process Customer Personal Data in the United States and other countries. Where Customer Personal Data subject to EU/UK GDPR is transferred to a country without an adequacy decision, the transfer is made under appropriate safeguards, including the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), which are incorporated by reference into this DPA.
6. Audits
We will make available information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable confidentiality and security conditions and no more than once per year unless required by a supervisory authority or following a breach.
7. Deletion & return
On termination of the Agreement, and at your choice, we will delete or return Customer Personal Data and delete existing copies within a commercially reasonable period, unless retention is required by law. You may also delete most Customer Content directly in the Service at any time.
8. Liability
Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.
Annex I — Details of processing
| Subject matter | Provision of the DealScope sales-intelligence and enablement Service. |
|---|---|
| Duration | The term of the Agreement, plus any deletion/return period. |
| Nature & purpose | Hosting, storage, retrieval, analysis, AI processing, and transmission of Customer Personal Data to provide the Service’s features (prospecting, research, competitor analysis, training, scheduling, call analysis, and reporting). |
| Categories of data subjects | The Customer’s authorized users; the Customer’s prospects and business contacts; participants in meetings the Customer records; and individuals named in Customer Content. |
| Categories of Personal Data | Names, business email addresses, job titles/roles, employer/company, notes, and — where the Customer enables it — meeting recordings, transcripts, and derived analysis. Customers are instructed not to include special-category data. |
| Frequency | Continuous, for the duration of the Agreement. |
Annex II — Technical & organizational measures
- Encryption of data in transit (HTTPS/TLS); password hashing; encryption of data at rest where supported by our hosting;
- Logical per-tenant isolation so one Customer cannot access another Customer’s data;
- Access controls and least-privilege access to production systems; email-verified onboarding;
- Network and media protections (including Cloudflare-backed delivery);
- Logging and monitoring for security and abuse detection;
- Vetting of Sub-processors and contractual data-protection commitments;
- A vulnerability-reporting channel at security@ghoststream.exact-it.net.
Contact
E&EL Global Inc.
Registered office: 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, USA.
contact@eel-global.com