Back to home

Data Processing Addendum

Standard DPA for customers acting as data controllers under the GDPR.

Effective May 1, 2026NORTHPIN INC

1. Parties and role

This Data Processing Addendum ("DPA") forms part of the Terms of Service between you ("Controller") and NORTHPIN INC ("Processor"). It applies whenever you submit Personal Data to MailSift for processing.

2. Scope and purpose

Subject matter: provision of the MailSift email verification service.

Nature and purpose: processing email addresses and related metadata to return verification classifications.

Categories of data subjects: end users or contacts of the Controller whose email addresses are submitted.

Categories of personal data: email addresses and any metadata Controller chooses to submit alongside them.

3. Processor obligations

We will: (a) process Personal Data only on documented instructions from you; (b) ensure persons authorized to process Personal Data have committed to confidentiality; (c) implement appropriate technical and organizational measures; (d) assist with data subject rights requests; (e) make available information necessary to demonstrate compliance with this DPA.

4. Sub-processors

Authorized sub-processors are listed in our Privacy Policy. We will notify Controller of changes at least 30 days before they take effect; Controller may object on reasonable grounds.

5. International transfers

Where Personal Data is transferred outside the EEA/UK to a country without an adequacy decision, the Standard Contractual Clauses are deemed incorporated into this DPA and apply to such transfers.

6. Security incident notification

We will notify Controller without undue delay (and in any case within 72 hours) of becoming aware of a Personal Data Breach affecting Controller's data.

7. Audits

Once per 12-month period, Controller may request, at reasonable cost and on 30 days notice, an audit limited to questions necessary to confirm compliance with this DPA. We will accept commercially reasonable security questionnaires in lieu of on-site audits.

8. Return or deletion

Within 90 days of termination, we will delete or return all Personal Data, except where applicable law requires storage.

Questions about this document? Email [email protected].