This Data Processing Addendum ("DPA") forms part of the agreement between Fin Leads Pro ("Processor") and the Client ("Controller") and applies where we process personal data on the Client's behalf.
1. Subject matter & duration
Processing is carried out for the purpose of generating, verifying and delivering investor leads to the Controller, for the duration of the underlying engagement.
2. Nature & purpose
Collection of lead data via paid campaigns, OTP verification, fraud screening, CRM delivery and reporting.
3. Categories of data & data subjects
- Categories: identification (name), contact (email, phone), location (country), product interest, consent records, technical metadata.
- Data subjects: prospective investors who interact with campaigns operated for the Controller.
4. Processor obligations
- Process personal data only on documented instructions from the Controller.
- Ensure personnel are bound by confidentiality.
- Implement appropriate technical and organisational security measures.
- Assist with data-subject requests, DPIAs and breach notifications.
- Delete or return data at the end of the engagement, save where retention is required by law.
5. Sub-processors
We use vetted sub-processors including hosting, advertising platforms, OTP/verification providers and CRM connectors. A current list is available on request and the Controller will be notified of material changes.
6. International transfers
Where personal data is transferred outside the UK/EEA, we use Standard Contractual Clauses or another lawful transfer mechanism.
7. Security measures
Encryption in transit, access controls on a least-privilege basis, audit logging, and regular review of security practices.