Data Processing Agreement (DPA)

  

Effective date: June 30 2025

Last updated: June 30 2025

  

This Data Processing Agreement ("Agreement") is entered into by and between:

  

  • Client ("Data Controller"), the entity using Leadsync services to collect and process personal data on its website,

  

  • and *FOP Sandyriev Illia Leonidovych, the sole proprietor operating Leadsync, registered under the laws of Ukraine, acting as the Data Processor.

  

  

1. Subject of the Agreement

  

This Agreement governs the processing of personal data by Leadsync on behalf of the Client through its lead collection widget, analytics interface, and advertising integrations.

  

  

2. Types of Data Processed

  

  • Contact data (e.g. name, phone number, email)

  

  • Behavioral data (e.g. form submissions, click events)

  

  • Traffic source data (e.g. UTM, GCLID)

  

  • CRM-related status data (e.g. qualification stage), if provided by Client

  

  

3. Categories of Data Subjects

  

Website visitors and users interacting with the Client’s website via Leadsync widgets or forms.

  

  

4. Purpose of Processing

  

  • Delivering qualified leads to advertising/analytics platforms

  

  • Visualizing lead and traffic attribution in the Leadsync interface

  

  • Internal logging and technical troubleshooting (non-identifiable unless client chooses otherwise)

  

  

5. Processor Obligations

  

Leadsync agrees to:

  

  • Process data only under the instructions of the Client

  

  • Implement basic security measures (SSL encryption, limited access, firewall protection)

  

  • Refrain from using personal data for its own purposes

  

  • Notify the Client in case of any data breach or unauthorized access

  

  • Not engage third-party subprocessors without prior consent

  

  

6. Client Obligations

  

The Client agrees to:

  

  • Collect and store data in compliance with applicable privacy laws (e.g., GDPR, Ukrainian Law on Personal Data Protection)

  

  • Obtain valid consent from users for data collection and processing

  

  • Refrain from using Leadsync to process special categories of personal data (e.g. health, religion)

  

  • Ensure that only the necessary data is transmitted through the Leadsync platform

  

  

7. Data Location and Storage

  

All data is stored on private virtual servers physically located in the European Union and maintained by the Leadsync team. No data is transferred outside the EU without legal safeguards (e.g. SCCs).

  

  

8. Rights of Data Subjects

  

The Processor shall assist the Client in fulfilling requests from Data Subjects related to:

  

  • Access, correction, deletion

  

  • Restriction or objection to processing

  

  • Data portability (if applicable)

  

  

9. Deletion or Return of Data

  

Upon termination of the agreement, the Processor shall delete or return all personal data to the Client upon request within 30 days, unless retention is required by applicable law.

  

  

10. Liability

  

The Processor shall not be liable for any unlawful data collection or usage performed by the Client. Each party remains responsible for compliance with their respective obligations under applicable data protection laws.

  

  

11. Jurisdiction and Applicable Law

  

This Agreement shall be governed by the laws of Ukraine and applicable European Union regulations (including the GDPR). Any disputes shall be resolved by competent courts in the Client's country of residence or in Ukraine, as mutually agreed.

  

  

Signed electronically by both parties through acceptance of the general Terms & Conditions on the Leadsync website.