DATA PROCESSING AGREEMENT (DPA)

Introduction

This Data Processing Agreement (“Agreement”) outlines MarketMosaicPro’s obligations as a data processor and the user’s obligations as a data controller under applicable privacy laws.
By using the Service, the user (“Controller”) and MarketMosaicPro (“Processor”) agree to the terms described herein.

This Agreement supplements the Terms & Conditions, Privacy Policy, and User Agreement.

Definitions

Controller: The user who uploads, stores, or manages personal data through the Service.
Processor: MarketMosaicPro, which processes personal data on behalf of the user.
Personal Data: Any information relating to an identifiable person.
Processing: Any operation performed on personal data, including storage, organization, transmission, or deletion.

Roles and Responsibilities

1. User Responsibilities (Controller):
The user is responsible for:

• Lawfully collecting all personal data
• Obtaining explicit consent where required
• Maintaining regulatory compliance in their jurisdiction
• Responding to client data requests
• Ensuring that all uploaded data is accurate and appropriate

MarketMosaicPro does not verify whether the user has obtained lawful consent.

2. MarketMosaicPro Responsibilities (Processor):
We will:

• Process data only as instructed by the Controller
• Provide secure data storage and transmission
• Implement appropriate technical and organizational safeguards
• Assist with data access or deletion requests when submitted by the user
• Notify the Controller of any discovered security breach without undue delay

Permitted Processing Activities

MarketMosaicPro may process data only for purposes necessary to provide the Service, including:

• Account creation and authentication
• Storage, organization, and retrieval of user-uploaded data
• Email sending or communication features
• System monitoring, optimization, and security
• Backup and redundancy operations
• Billing and subscription management

No processing will occur outside of these functions unless required by law.

Data Security Measures

We implement industry-standard safeguards including:

• Encrypted connections (TLS/SSL)
• Secure data hosting environments
• Access controls and authentication procedures
• Firewalls and threat monitoring
• Regular vulnerability assessments
• Strict internal data handling protocols

Although no system can guarantee absolute security, we take all reasonable steps to protect data.

Sub-Processors

We may engage third-party providers (“sub-processors”) for:

• Hosting and data storage
• Email delivery
• Analytics and diagnostics
• Payment processing

All sub-processors operate under their own privacy terms and maintain industry-standard security.

A current list of sub-processors is available upon request.

International Data Transfers

Personal data may be processed or stored in a jurisdiction outside the user’s home country.
We use reasonable safeguards to maintain compliance with international data transfer laws.

Data Subject Rights

Users may submit requests regarding their clients’ personal data, including:

• Access
• Correction
• Deletion
• Restriction of processing
• Portability

MarketMosaicPro will assist Controllers in fulfilling these requests when feasible.

Data Breach Notification

In the event of a confirmed data breach affecting user data:

• MarketMosaicPro will notify the Controller without undue delay
• Provide relevant details as they become available
• Cooperate to mitigate impact

The Controller is responsible for notifying affected individuals when required by law.

Data Retention and Deletion

Upon termination of an account:

• User data is deleted according to our Data Retention & Destruction Policy
• Backups may retain temporary copies before automated overwrite
• The Controller may request expedited deletion by submitting a valid request

MarketMosaicPro does not retain personal data beyond what is required for legal or operational obligations.

Audit Rights

Controllers may request information about our data protection practices, security measures, or relevant certifications.
Formal audits may be accommodated when required by law, subject to reasonable limitations.

Prohibited Actions

Users may not:

• Upload data obtained unlawfully
• Store sensitive personal data without explicit consent
• Use the Service for surveillance or harmful activities
• Use the Service to violate privacy regulations

MarketMosaicPro reserves the right to suspend or terminate accounts that violate these conditions.

Duration of Agreement

This Agreement remains in effect for as long as the user maintains an active account or until terminated by either party, provided all data processing obligations have been fulfilled.

Governing Law

This Agreement is governed by the laws of Ontario, Canada, unless superseded by mandatory data protection laws in the user’s jurisdiction.