HomeServicesAboutBlogPartnershipsContactGet Free Audit

Data Processing

DPA Framework | Last Updated: May 12, 2026

1. Data Processing Addendum (DPA)

This Data Processing Addendum ("Addendum") forms part of the Master Service Agreement between Zonal Ape LLC ("Processor") and our Clients ("Controller"). It reflects the parties' agreement with regard to the processing of personal data, in accordance with the requirements of Data Protection Laws.

All capitalized terms not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the Agreement and this Addendum, the terms of this Addendum shall prevail.

2. Definitions

  • "Data Protection Laws" means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, and the United States (including CCPA/CPRA), applicable to the Processing of Personal Data under the Agreement.
  • "Sub-processor" means any third party appointed by Zonal Ape to process Personal Data in connection with the Services.
  • "Security Incident" means any confirmed unauthorized or unlawful breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Personal Data.

3. Scope and Nature of Processing

Subject Matter

The subject matter of Data Processing under this Addendum is the Personal Data provided by the Controller to the Processor for the purpose of executing growth marketing services.

Duration

The duration of Data Processing is the term of the professional engagement plus any period thereafter required by law or specified in the Agreement.

Categories of Data Subjects

Employees of the Controller, customers of the Controller, and prospective leads of the Controller.

4. Processor Obligations

Zonal Ape agrees to the following mandates in our capacity as a Data Processor:

  • Instruction-Based Processing: We will only process Personal Data on the documented instructions of the Controller.
  • Confidentiality: We ensure that all personnel authorized to process Personal Data have committed themselves to strict confidentiality.
  • Security Measures: We implement and maintain appropriate technical and organizational measures as outlined in our Privacy Policy to protect Personal Data.
  • Sub-processor Transparency: We will inform the Controller of any intended changes concerning the addition or replacement of Sub-processors.

5. Audit and Compliance

Zonal Ape shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

Audits shall be conducted during normal business hours, upon reasonable prior written notice, and no more than once per calendar year, unless a Security Incident has occurred.

6. Security Incident Response

In the event of a confirmed Security Incident, Zonal Ape shall notify the Controller without undue delay (and in any event within 48 hours) after becoming aware of the incident.

We will provide the Controller with all reasonable assistance in their investigation and mitigation of the impact of such incident, including information required for regulatory notifications.

7. Return or Deletion of Data

Upon termination of the Services, Zonal Ape shall, at the choice of the Controller, delete or return all Personal Data to the Controller, unless local law requires the continued storage of such Personal Data.

8. DPA Execution and Support

For more detailed information or to request a signed copy of our DPA for your compliance records, please contact:

Zonal Ape LLC

Legal Compliance Office

compliance@zonalape.com