top of page

Data Processing Agreement

Effective Date: Jan 08,2025

​

This Data Processing Agreement ("Agreement") forms part of the Terms and Conditions between you (the "Controller") and Transcend Enterprise LTD, trading as Review My Emails (the "Processor"), and sets out the terms under which we process personal data on your behalf in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Definitions

  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.

  • "Personal Data", "Processing", "Controller", "Processor", "Data Subject", "Supervisory Authority", and other terms shall have the meanings given in the GDPR.

  • "Services" refers to email list analysis, hygiene audits, deliverability consulting, and email verification services provided by Review My Emails.

2. Subject Matter and Duration

This Agreement governs the processing of Personal Data in connection with the Services and remains in effect as long as we provide such Services to the Controller.

3. Nature, Purpose, and Subject of Processing

We process Personal Data to:

  • Verify whether an email address exists and assess its deliverability (via Bouncer)

  • Conduct email list quality audits

  • Provide deliverability diagnostics and consulting

  • Generate reports on email performance
     

All data is processed in an online, automated environment, and primarily consists of contact data.

4. Types of Personal Data Processed

  • Email addresses (mandatory)

  • Names (if included in submitted lists or retrieved via Bouncer)

  • Metadata related to verification results (e.g., deliverability status)

 

No sensitive data is required or expected.

5. Categories of Data Subjects

  • Customers or potential customers of the Controller

  • Subscribers

  • Employees, agents, or any contact persons included in submitted email lists

6. Processor Obligations

We shall:

  • Process data only per documented instructions from the Controller

  • Ensure that staff or contractors are subject to confidentiality agreements

  • Implement technical and organizational measures to secure Personal Data

  • Assist the Controller in responding to Data Subject requests

  • Notify the Controller of any data breach within 72 hours of discovery

  • Delete or anonymize data upon request or after the agreed retention period

7. Subprocessors

The following subprocessors may be used to fulfill the Services:

  • Google Workspace (G Suite) – cloud and email services

  • Bouncer – email verification platform

  • Attio – CRM

  • Cakemail – analytics

  • SendGrid – email delivery

  • Typeform – intake forms

  • Wix, WordPress – website platform

  • GoDaddy – domain and DNS services

 

We ensure all subprocessors are bound by GDPR-compliant agreements.

8. Lawful Basis and Instructions

The Controller confirms that they have a lawful basis to process and share Personal Data under GDPR. We process data strictly based on your instructions, which may be given via platform interactions (App/API), support tickets, or written communications.

9. Data Retention and Deletion

  • Email data processed via Bouncer is retained for up to 60 days and then permanently anonymized and deleted.

  • The Controller may request deletion of any dataset at any time.

10. International Data Transfers

Some subprocessors may be located outside the UK/EU. In such cases, data is transferred under approved safeguards such as Standard Contractual Clauses (SCCs).

11. Audit and Logs

  • The Controller may conduct audits with reasonable notice.

  • Logs are maintained to track data processing operations, API usage, and access history.

12. Personal Data Breach

In case of a breach, we will notify the Controller without undue delay and no later than 72 hours after becoming aware of it, including scope, impact, and mitigation efforts.

13. Governing Law

This Agreement is governed by and construed under the laws of England and Wales.

bottom of page