OwlCTO Marketing DPA

This DPA forms part of the Terms when OwlCTO processes personal data on your behalf as processor.

1. Roles. Customer is the controller; OwlCTO is the processor.
2. Purpose & instructions. We process personal data solely to provide the services per your documented instructions.
3. Security. We maintain technical and organizational measures appropriate to risk. See Security page for a summary.
4. Subprocessors. Listed on the Subprocessors page; we will provide notice of changes.
5. Transfers. We use appropriate safeguards (e.g., SCCs) where required for international transfers.
6. Assistance. We assist with data subject requests and DPIAs to the extent reasonably possible.
7. Deletion/return. Upon termination, we delete or return personal data unless law requires retention.
8. Audit. We provide information necessary to demonstrate compliance and allow audits subject to reasonable limits.
9. Incidents. We will notify without undue delay upon becoming aware of a personal data breach.

For a signed copy, contact: privacy@owlcto.com