Data Processing Agreement (DPA)

Last updated: 13 June 2026

This document describes standard Art. 28 GDPR processing terms between a B2B customer (“Controller”) and ZORDON INTELLIGENCE Sp. z o.o. (“Processor”) for the ProperSend platform. **When the paid service launches, a binding agreement is formed by acceptance during account registration** (checkbox + DPA version) or a signed individual contract. This page is the current terms template.

1. Parties and roles

Customer (Controller) — B2B entity using ProperSend for lead generation, cold email, CRM, and related sales processes.

Processor — ZORDON INTELLIGENCE Sp. z o.o., ul. Gdańska 129, 90-063 Łódź, VAT 7252358503, KRS 0001190915.

For prospect, lead, and contact data processed in ProperSend by the Customer, the Customer remains Controller and the Processor acts only on documented instructions.

2. Subject and term

The Processor processes personal data to provide ProperSend (hosting customer data, sending messages on the Customer’s instructions, campaign analytics, CRM, operational logs) for the term of the service agreement and any period required for settlement or claims.

3. Data categories

Scope depends on Customer use, typically:

  • business contact identification data (name, work email, role, phone);
  • company data from public registers (e.g. Polish KRS, CEIDG) and research sources;
  • email content and delivery metadata (dates, delivery status, replies);
  • technical and operational logs related to the Customer’s campaigns.

4. Processor obligations

The Processor shall:

  • process data only on documented Customer instructions and per GDPR;
  • ensure persons authorized to process data are bound by confidentiality;
  • implement appropriate technical and organisational measures (encryption in transit, access control, backups);
  • assist the Customer with data subject requests where technically feasible;
  • assist with DPIAs and supervisory authority consultations when required;
  • delete or return data after service end per Customer choice unless retention is required by law;
  • provide information necessary to demonstrate Art. 28 GDPR compliance;
  • notify the Customer of intended subprocessor changes with objection rights.

5. Subprocessors

The Customer authorizes subprocessors listed at /subprocesorzy. The Processor ensures subprocessors are bound by equivalent protection.

Material subprocessor changes will be notified in advance with objection or termination rights where applicable.

6. Personal data breaches

The Processor will notify the Customer without undue delay — within 48 hours of becoming aware — of a breach affecting the Customer’s data, with information needed for the Customer’s Art. 33/34 GDPR obligations.

7. Audit

On reasonable request, the Processor provides information demonstrating compliance (security descriptions, certifications if available). On-site audits may be agreed without compromising other customers’ confidentiality.

8. Acceptance and versioning

Before processing prospect data in the SaaS platform, the Customer accepts this DPA and the Terms via checkbox at account registration (document version and timestamp recorded). Current DPA version: 2026-06-13-v1.

An individual (enterprise) agreement or electronically signed PDF prevails over the online version.

Material DPA changes will be notified in advance with objection or termination rights under Art. 28(3)(a) GDPR.

9. Final provisions

This template supplements the Terms and ProperSend service agreement. A signed individual agreement prevails in case of conflict.

For an executed DPA or enterprise terms: hello@propersend.pl. Privacy: privacy@propersend.pl.