Data Processing Agreement

Piixoo – Data Processing Addendum (DPA)

Effective as of July 25, 2025

This Data Processing Addendum (“DPA”) forms part of the General Terms and Conditions of Use and Privacy Policy between the Client (the “Data Controller”) and 11 Technology Group, doing business as Piixoo (“Piixoo”, “Processor”, “we”, “us”).

This DPA reflects the parties’ agreement regarding the processing of personal data under the EU General Data Protection Regulation (GDPR) and any other applicable data protection laws.

1. Subject Matter and Duration

This DPA governs Piixoo’s processing of personal data on behalf of the Controller in connection with the provision of its services. It remains in effect for the duration of the contractual relationship.

2. Nature and Purpose of Processing

Piixoo processes personal data solely for the purpose of providing its email marketing and automation services, including but not limited to: email delivery, bounce handling, warm-up, analytics, and storage. Processing will be limited to what is necessary for service provision.

3. Categories of Data Subjects and Data

• Categories of Data Subjects: Clients’ customers, prospects, subscribers, employees or other individuals whose data are uploaded to Piixoo by the Controller.
• Categories of Personal Data: Names, email addresses, job titles, company names, interaction logs (open/click), IP addresses, contact metadata.

4. Obligations of the Processor

Piixoo agrees to:

• Process data only on documented instructions from the Controller
• Ensure that authorized personnel are bound by confidentiality
• Implement appropriate technical and organizational measures to ensure data security
• Assist the Controller in fulfilling data subjects’ rights (access, rectification, erasure, etc.)
• Assist with data protection impact assessments when applicable
• Notify the Controller without undue delay after becoming aware of a data breach
• At the end of service, delete or return all personal data unless required by law to retain it

5. Subprocessors

The Controller authorizes Piixoo to engage subprocessors to perform specific processing activities. Piixoo ensures that such subprocessors are subject to written agreements that impose the same data protection obligations. A list of current subprocessors is available upon request.Examples of subprocessors may include infrastructure providers, support platforms, or email infrastructure services. The full list is available upon request.

6. International Transfers

If personal data is transferred outside the European Economic Area (EEA), Piixoo ensures that such transfers are subject to appropriate safeguards under Chapter V of the GDPR, including the use of Standard Contractual Clauses.

7. Data Subject Requests

To the extent legally permitted, Piixoo will promptly inform the Controller if it receives a request from a data subject. Piixoo shall not respond to the request itself unless instructed by the Controller. Piixoo shall provide reasonable assistance to allow the Controller to respond to such requests.

8. Audits and Inspections

Upon written request, Piixoo shall make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits by the Controller or an authorized auditor once per year, subject to reasonable notice and confidentiality.

9. Termination and Data Deletion

Upon termination of the services, Piixoo shall delete or return all personal data to the Controller, unless otherwise required by applicable law. This obligation excludes archived data required for compliance or dispute resolution.

10. Contact Information

For questions regarding this DPA or to request a signed version: