Data Processing Agreement

Last updated: October 18, 2025

Parties

Data Controller: Nodeadline Studio LLC (Business ID: 314396169)
Address: Hefziba 8, Haifa, Israel
Email: info@leadideal.com
Phone: +972-50-3487788

Data Processor: [Customer/Client Name]
Address: [Customer Address]
Email: [Customer Email]

Data Processing Purposes

We process personal data for the following purposes:

• B2B Lead Generation: Discovery and validation of business contacts
• Service Delivery: Providing verified business research reports to customers
• Quality Assurance: Data validation and accuracy verification
• Customer Support: Communication and service improvement
• Legal Compliance: Meeting regulatory requirements

Legal Basis for Processing

We process personal data based on:

• Legitimate Business Interests (Article 6(1)(f) GDPR) - B2B lead generation services
• Contract Performance (Article 6(1)(b) GDPR) - Service delivery obligations
• Legal Obligation (Article 6(1)(c) GDPR) - Tax and business compliance
• Consent (Article 6(1)(a) GDPR) - Marketing communications (where applicable)

Categories of Personal Data

We process the following categories of personal data:

• Business Contact Information: Names, titles, company names, business addresses
• Contact Details: Business email addresses, phone numbers
• Professional Information: Industry, company size, job titles
• Customer Data: Billing information, order specifications, communication records
• Technical Data: IP addresses, browser information, website usage data

Data Subject Categories

We process personal data relating to:

• Business Professionals: Executives, managers, decision-makers
• Company Representatives: Business owners, employees, contractors
• Our Customers: Individuals who purchase our services
• Website Visitors: Individuals who visit our website

Data Sources

We collect personal data from:

• Google Places API: Public business listings and information
• Business Registries: Official company registration databases
• Public Directories: Professional and business directories
• Social Media: Publicly available professional profiles
• Direct Collection: Information provided by customers

Data Processing Activities

We perform the following processing activities:

• Collection: Gathering data from lawful public sources
• Validation: Verifying accuracy and deliverability of contact information
• Enrichment: Adding additional business information where available
• Quality Control: Reviewing and filtering data for accuracy
• Delivery: Providing processed data to customers
• Storage: Secure storage of data for service delivery

Technical and Organizational Measures

We implement the following security measures:

• Encryption: Data encrypted in transit and at rest
• Access Controls: Role-based access to personal data
• Authentication: Multi-factor authentication for system access
• Monitoring: Continuous monitoring of data access and usage
• Backup Security: Encrypted backups with restricted access
• Staff Training: Regular training on data protection requirements
• Incident Response: Procedures for handling data breaches

Data Retention

We retain personal data for the following periods:

• Business Contacts: 3 years from last contact or as required by law
• Customer Data: 7 years for tax and legal compliance
• Marketing Data: Until consent is withdrawn
• Technical Data: 12 months for security and functionality

Data Sharing and Transfers

We may share data with:

• PayPal: Payment processing (subject to PayPal's privacy policy)
• Google Places API: Lead discovery (subject to Google's terms)
• Legal Authorities: When required by law
• Service Providers: Under strict data processing agreements

International Transfers: Data may be transferred to the United States under appropriate safeguards including Standard Contractual Clauses (SCCs).

Data Subject Rights

Data subjects have the following rights:

• Right of Access: Request copies of personal data
• Right of Rectification: Correct inaccurate data
• Right of Erasure: Request deletion of personal data
• Right to Restrict Processing: Limit how we use personal data
• Right to Data Portability: Receive data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

Data Breach Procedures

In case of a data breach, we will:

• Notify relevant authorities within 72 hours (GDPR requirement)
• Inform affected individuals without undue delay
• Document all breaches and remedial actions
• Implement measures to prevent future breaches

Sub-Processors

We may use the following sub-processors:

• Google LLC: Google Places API services
• PayPal Holdings Inc: Payment processing services
• Hosting Providers: Secure data storage and processing

All sub-processors are bound by appropriate data processing agreements.

Compliance and Auditing

We maintain compliance with:

• GDPR: General Data Protection Regulation (EU)
• Israeli Privacy Law: Local data protection requirements
• Industry Standards: Best practices for data protection

We conduct regular audits and assessments of our data processing activities.

Contact Information

For data protection questions or to exercise your rights:

Email: info@leadideal.com
Phone: +972-50-3487788
Address: Hefziba 8, Haifa, Israel

Data Protection Officer: Available upon request at info@leadideal.com