Data Processing Agreement (DPA)
Understand How We Process, Protect, and Manage Your Data on Your Behalf
Understand how your data is processed, secured, and handled in compliance with global regulations and contractual requirements.
Last Updated: 26.11.2025
This Data Processing Agreement (“Agreement”, “DPA”) is entered into between:
(1) The Client (“Controller”)
and
(2) LeadClicks, a brand under Technocrypt LLC (“Processor”, “LeadClicks”, “we”, “us”).
This DPA forms part of any signed contract, proposal, service order, or commercial agreement between the Parties (“Main Agreement”).
The purpose of this DPA is to ensure compliance with:
• GDPR (EU Regulation 2016/679)
• UK GDPR & Data Protection Act 2018
• LGPD (Brazil)
• PIPEDA (Canada)
• POPIA (South Africa)
• California CPRA/CCPA (to the extent applicable)
• PDPA (Singapore)
• APPI (Japan)
• Australian Privacy Act 1988
• Other international data protection laws where relevant
The Parties agree as follows:
DEFINITIONS
“Personal Data”: Any information relating to an identified or identifiable natural person.
“Processing / Process / Processes”: Any operation performed on Personal Data, including collection, storage, use, sharing, or deletion.
“Controller”: The party that determines the purpose and means of processing Personal Data.
“Processor”: The party that processes Personal Data on behalf of the Controller.
“Sub-processor”: Third-party processors used by LeadClicks.
“Applicable Laws”: All privacy laws applicable to Personal Data processed under this Agreement.
“Services”: Media buying, performance marketing, lead generation, SEO services, data analytics, CRM integration, tracking setup, and all other services LeadClicks provides.
ROLE OF THE PARTIES
• The Client is the Data Controller.
• LeadClicks is the Data Processor.
• LeadClicks may act as a Sub-processor for some services if working through external vendors.
Both Parties agree to comply with their respective obligations under global privacy laws.
SUBJECT MATTER & DURATION OF PROCESSING
Subject Matter
LeadClicks processes Personal Data only for the purpose of delivering:
• Lead generation (CPL, CPA, Pay Per Call)
• Paid media campaigns
• Tracking & analytics
• SEO services
• Landing page + funnel management
• CRM integrations
• Call tracking
• Conversion attribution
• Reporting & optimization
Duration
Processing continues for the duration of the Main Agreement and terminates when:
• Services end
• Data is returned or deleted
Unless retention is legally required.
TYPES OF PERSONAL DATA PROCESSED
LeadClicks may process:
• Name
• Phone number
• Email address
• Location data (city/state)
• Call duration, call recordings (if applicable)
• Form submissions & qualification fields
• Ad engagement & conversion events
• Device data & IP address
• Analytics & behavior data
• Lead validation metadata
• CRM data provided by the Controller
LeadClicks does NOT intentionally process:
• Sensitive data (health, religion, political views, biometrics)
• Children’s data under 16
If received unintentionally, it is deleted promptly.
PURPOSE OF PROCESSING
LeadClicks processes Personal Data EXCLUSIVELY for:
• Lead generation
• Lead delivery
• Running and optimizing ad campaigns
• CRM syncing and integration
• Attribution and performance analytics
• Conversion optimization
• Ad tracking (pixels, scripts, server-side tracking)
• Call routing and qualification
• Fraud prevention
• Delivering contractual services
LeadClicks will never process data for purposes not instructed by the Controller.
OBLIGATIONS OF LEADCLICKS (PROCESSOR)
LeadClicks agrees to:
1. Process data only on documented instructions
LeadClicks processes Personal Data solely per Client instructions.
2. Maintain confidentiality
All staff and subcontractors handling data are bound by confidentiality agreements.
3. Implement appropriate security measures
LeadClicks uses industry-standard security, including:
• Encryption in transit and at rest
• Multi-factor authentication
• Firewalls
• Access restrictions
• Data minimization
• Regular audits
• Secure cloud infrastructure
4. Notify Client of data breaches
If a data breach occurs, LeadClicks will notify the Client within 72 hours, including:
• The nature of the breach
• Data affected
• Mitigation steps
• Remediation plan
5. Assist with Data Subject Rights
LeadClicks will assist the Client in responding to:
• Access requests
• Deletion requests
• Correction requests
• Objection or restriction requests
• Data portability
6. Maintain records of processing activities
Required under GDPR/Data Protection laws.
7. Allow audits (upon request)
LeadClicks will support compliance audits subject to:
• Reasonable notice
• Confidentiality
• Operational feasibility
SUB-PROCESSORS
LeadClicks uses sub-processors to deliver services, including:
Advertising & Tracking Vendors
• Google Ads / GA4
• Meta (Facebook/Instagram)
• TikTok
• Microsoft Ads
• Twitter/X
• LinkedIn
• Native Ad Networks
• Programmatic vendors (if applicable)
Analytics & Data Tools
• Google Analytics
• Tag Manager platforms
• Call tracking providers
• CRM systems
• Server-side tracking solutions
Cloud Hosting
• AWS / Google Cloud / Azure (depending on setup)
Other Sub-processors
Additional partners may be used depending on service delivery. LeadClicks remains responsible for all Sub-processors and ensures they:
• Meet global privacy standards
• Sign DPAs or equivalent contracts
• Handle data securely
Controllers will be notified if new Sub-processors are added (when required under law).
INTERNATIONAL DATA TRANSFERS
LeadClicks may transfer data internationally to:
• United States
• UK
• EU
• Singapore
• Australia
• India
• Brazil
• South Africa
Transfers comply with:
• GDPR Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum (IDTA)
• Adequacy decisions
• LGPD transfer requirements
• APPI / PDPA international transfer rules
• Industry-standard security measures
CONTROLLER OBLIGATIONS
The Client agrees to:
• Obtain lawful consent from users (where required)
• Provide accurate privacy notices to users
• Ensure data shared with LeadClicks is lawful
• Maintain compliance with local privacy laws
• Validate that LeadClicks’ processing instructions comply with regulations
• Not use LeadClicks services for illegal or non-compliant purposes
LeadClicks is not responsible for the Client’s internal data practices.
DATA SUBJECT RIGHTS
LeadClicks will support the Client in handling requests from individuals regarding:
• Access
• Rectification
• Deletion
• Restriction
• Portability
• Withdrawal of consent
• Objection
• Complaint rights
LeadClicks will NOT respond directly to individuals except when legally required.
DATA RETURN OR DELETION
Upon termination:
• LeadClicks will delete or return Personal Data at the Controller’s request
• Backups may remain archived for up to 90 days
• Legal retention requirements (e.g., accounting laws) supersede deletion requests
SECURITY MEASURES
LeadClicks implements:
• Encryption
• Regular penetration testing
• MFA on all systems
• Secure access controls
• Logging & monitoring
• Secure development practices
• Vendor compliance checks
• Segregated environments
• Backup & recovery protocols
LeadClicks takes reasonable steps to prevent unauthorized access.
DATA BREACH NOTIFICATION
In case of a breach:
• LeadClicks will notify the Client within 72 hours
• Provide details of affected data
• Share mitigation & remediation steps
• Cooperate fully with regulatory requirements
LIABILITY
LeadClicks’ liability under this DPA is limited to the amount paid under the Main Agreement during the 12 months preceding the event, except where prohibited by law.
LeadClicks is NOT liable for:
• Controller’s misuse of data
• Consent issues from the Controller’s systems
• Inaccurate instructions
• User-submitted data errors
• Third-party platform outages or errors
• Data loss caused by external vendors beyond LeadClicks’ reasonable control
TERM & TERMINATION
This Agreement:
• Begins when services start
• Continues until all data is deleted or returned
• Automatically applies to all active service engagements
Either party may terminate for:
• Material breach
• Legal non-compliance
• Business discontinuation
GOVERNING LAW
This DPA is governed by:
State of Florida
Disputes will be handled in the chosen jurisdiction.
ENTIRE AGREEMENT
This DPA:
• Supplements the Main Agreement
• Overrides conflicts related to privacy matters
• Does not replace commercial terms
CONTACT INFORMATION
For questions, requests, or notices:
LeadClicks — Data Protection Office
Email: connect@leadclicks.co
Address: 4604 49th St N #5270, Saint Petersburg, FL 33709
Empowering Startups, Fully Powered by LeadClicks!
Join Our Newsletter
Get updates, spam-free guarantee!
