Data Processing Agreement

This document is an English translation of the Italian version of the Data Processing Agreement. In case of any conflict, discrepancy or inconsistency between the Italian version and this English version, the Italian version shall prevail.

1. Parties to the Agreement

This Data Processing Agreement (DPA) is entered into between:

Data Processor: Methodia S.r.l.s., Via Generale Giuseppe Valle 83, 00148 Rome (RM), Italy, VAT No. 17073671004 (“Methodia” or the “Provider”)
Data Controller: the organization that has entered into an agreement for the use of the Leadoop platform (the “Client” or the “Controller”)

2. Subject Matter and Purpose

This DPA governs the processing of personal data carried out by Methodia on behalf of the Client in connection with the provision of the Leadoop service, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws.

3. Data Processed

As part of the service, Methodia processes the following categories of personal data on behalf of the Client:

Identification and contact data of leads (name, email, phone number, company)
Platform user data (name, email, role, activity logs)
Information relating to appointments and commercial activities
Technical platform usage data (IP address, user agent, timestamp)

4. Obligations of the Processor (Methodia)

Methodia undertakes to:

Process personal data only on documented instructions from the Client
Ensure the confidentiality of the data
Implement appropriate technical and organizational measures pursuant to Article 32 GDPR
Not transfer data to third parties without the Client’s written authorization, unless required by law
Assist the Client in complying with the obligations set out in Articles 32–36 GDPR
Delete or return all data at the end of the agreement, in accordance with the Client’s instructions
Make available all information necessary to demonstrate compliance with this DPA

5. Obligations of the Controller (Client)

The Client undertakes to:

Provide Methodia with documented instructions regarding the processing
Ensure that the data processed through the platform has been lawfully collected
Promptly inform Methodia of any changes to the purposes of processing
Verify that the security measures adopted by Methodia are appropriate

6. Sub-processors

Methodia may use sub-processors for the provision of the service. The main sub-processors currently used include:

Cloud hosting and infrastructure providers (e.g. database and server services)
Transactional email service providers (e.g. Resend)

Methodia ensures that sub-processors provide sufficient guarantees under the GDPR and notifies the Client within reasonable advance notice of any changes.

7. International Data Transfers

Personal data is mainly processed within the European Economic Area (EEA). Any transfer to third countries shall take place in compliance with the safeguards provided under Chapter V of the GDPR, including adequacy decisions, Standard Contractual Clauses or equivalent mechanisms.

8. Security Measures

Methodia adopts, among others, the following security measures:

Password encryption using the PBKDF2-SHA512 algorithm
Encrypted communications via HTTPS/TLS
Tenant-based data isolation in a multi-tenant architecture
Role-based access control (RBAC)
Audit logs for sensitive operations
Sessions using HttpOnly and SameSite cookies

9. Personal Data Breaches

In the event of a personal data breach within the meaning of Article 4(12) GDPR, Methodia shall notify the Client without undue delay and in any case within 48 hours of becoming aware of the breach, providing all available information necessary to enable the Client to comply with its notification obligations to the supervisory authority under Article 33 GDPR and, where applicable, to data subjects under Article 34 GDPR.

10. Data Subject Rights

Methodia shall assist the Client in handling requests from data subjects exercising their rights under Articles 15–22 GDPR, including access, rectification, erasure, restriction of processing, data portability and objection. The Client remains responsible for responding to data subjects.

11. Retention and Deletion of Data

Upon termination of the service agreement, Methodia shall delete or return to the Client all personal data processed on its behalf, including existing copies, unless retention is required under European Union or Member State law. The methods and timing of deletion are governed by the main agreement.

12. Term

This DPA remains in force for the entire duration of the agreement for the use of the Leadoop platform and automatically terminates upon termination of such agreement, without prejudice to obligations that by their nature survive termination.

13. Amendments

Methodia reserves the right to update this DPA to reflect regulatory or technological changes. The Client will be informed at least 30 days in advance. Continued use of the service after such period constitutes acceptance of the amendments.

14. Governing Law and Jurisdiction

This DPA is governed by Italian law. Any dispute shall be subject to the exclusive jurisdiction of the Court of Rome, unless otherwise agreed in writing between the parties.

15. Contact

For any communication relating to this DPA:

Email: info@leadoop.com
Please also refer to the Terms and Conditions

1. Parties to the Agreement

This Data Processing Agreement (DPA) is entered into between:

Data Processor: Methodia S.r.l.s., Via Generale Giuseppe Valle 83, 00148 Rome (RM), Italy, VAT No. 17073671004 (“Methodia” or the “Provider”)
Data Controller: the organization that has entered into an agreement for the use of the Leadoop platform (the “Client” or the “Controller”)

2. Subject Matter and Purpose

3. Data Processed

As part of the service, Methodia processes the following categories of personal data on behalf of the Client:

Identification and contact data of leads (name, email, phone number, company)
Platform user data (name, email, role, activity logs)
Information relating to appointments and commercial activities
Technical platform usage data (IP address, user agent, timestamp)

4. Obligations of the Processor (Methodia)

Methodia undertakes to:

Process personal data only on documented instructions from the Client
Ensure the confidentiality of the data
Implement appropriate technical and organizational measures pursuant to Article 32 GDPR
Not transfer data to third parties without the Client’s written authorization, unless required by law
Assist the Client in complying with the obligations set out in Articles 32–36 GDPR
Delete or return all data at the end of the agreement, in accordance with the Client’s instructions
Make available all information necessary to demonstrate compliance with this DPA

5. Obligations of the Controller (Client)

The Client undertakes to:

Provide Methodia with documented instructions regarding the processing
Ensure that the data processed through the platform has been lawfully collected
Promptly inform Methodia of any changes to the purposes of processing
Verify that the security measures adopted by Methodia are appropriate

6. Sub-processors

Methodia may use sub-processors for the provision of the service. The main sub-processors currently used include:

Cloud hosting and infrastructure providers (e.g. database and server services)
Transactional email service providers (e.g. Resend)

Methodia ensures that sub-processors provide sufficient guarantees under the GDPR and notifies the Client within reasonable advance notice of any changes.

7. International Data Transfers

8. Security Measures

Methodia adopts, among others, the following security measures:

Password encryption using the PBKDF2-SHA512 algorithm
Encrypted communications via HTTPS/TLS
Tenant-based data isolation in a multi-tenant architecture
Role-based access control (RBAC)
Audit logs for sensitive operations
Sessions using HttpOnly and SameSite cookies

9. Personal Data Breaches

10. Data Subject Rights

11. Retention and Deletion of Data

12. Term

13. Amendments

14. Governing Law and Jurisdiction

This DPA is governed by Italian law. Any dispute shall be subject to the exclusive jurisdiction of the Court of Rome, unless otherwise agreed in writing between the parties.

15. Contact

For any communication relating to this DPA:

Email: info@leadoop.com
Please also refer to the Terms and Conditions

Data Processing Agreement (DPA)

1. Parties to the Agreement

2. Subject Matter and Purpose

3. Data Processed

4. Obligations of the Processor (Methodia)

5. Obligations of the Controller (Client)

6. Sub-processors

7. International Data Transfers

8. Security Measures

9. Personal Data Breaches

10. Data Subject Rights

11. Retention and Deletion of Data

12. Term

13. Amendments

14. Governing Law and Jurisdiction

15. Contact

Data Processing Agreement (DPA)

1. Parties to the Agreement

2. Subject Matter and Purpose

3. Data Processed

4. Obligations of the Processor (Methodia)

5. Obligations of the Controller (Client)

6. Sub-processors

7. International Data Transfers

8. Security Measures

9. Personal Data Breaches

10. Data Subject Rights

11. Retention and Deletion of Data

12. Term

13. Amendments

14. Governing Law and Jurisdiction

15. Contact

Data Processing Agreement (DPA)

1. Parties to the Agreement

2. Subject Matter and Purpose

3. Data Processed

4. Obligations of the Processor (Methodia)

5. Obligations of the Controller (Client)

6. Sub-processors

7. International Data Transfers

8. Security Measures

9. Personal Data Breaches

10. Data Subject Rights

11. Retention and Deletion of Data

12. Term

13. Amendments

14. Governing Law and Jurisdiction

15. Contact