Data Processing Addendum (DPA)

Last updated: February 3, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between Beacon Match, LLC ("Processor") and the customer ("Controller") governing the use of Beacon Match's services ("Services").

This DPA applies where Beacon Match processes Personal Data on behalf of the Controller and supplements any existing agreement between the parties.

1. Definitions

For purposes of this DPA:

• "Applicable Data Protection Law" means all laws and regulations applicable to the processing of Personal Data, including GDPR, UK GDPR, and related legislation.
• "Controller" means the entity that determines the purposes and means of processing Personal Data.
• "Processor" means the entity that processes Personal Data on behalf of the Controller.
• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" has the meaning given in Applicable Data Protection Law.
• "Sub-processor" means a third party engaged by the Processor to process Personal Data.

2. Scope and Roles

2.1 The Controller is the data controller of Personal Data processed using the Services.

2.2 Beacon Match acts as a data processor when processing Personal Data on behalf of the Controller.

2.3 Each party shall comply with its respective obligations under Applicable Data Protection Law.

3. Details of Processing

3.1 Subject Matter

Provision of personalization, message matching, analytics, and optimization services.

3.2 Duration

For the duration of the Controller"s use of the Services, unless otherwise agreed.

3.3 Nature and Purpose

Processing to:

• Deliver dynamic landing page personalization
• Analyze traffic signals and interactions
• Measure performance and conversions
• Improve Service functionality

3.4 Categories of Data Subjects

• Website visitors
• End users
• Prospective customers
• Business users

3.5 Types of Personal Data

May include:

• IP addresses
• Device and browser data
• Traffic source and referral data
• Interaction and behavioral data
• Conversion events

Beacon Match does not intentionally process special categories of personal data.

4. Processor Obligations

Beacon Match shall:

a. Process Personal Data only on documented instructions from the Controller
b. Ensure personnel are bound by confidentiality obligations
c. Implement appropriate technical and organizational security measures
d. Assist the Controller with data subject rights requests where applicable
e. Assist with security and breach notifications
f. Delete or return Personal Data upon termination, unless legally required to retain it

5. Controller Obligations

The Controller represents and warrants that:

a. It has a lawful basis for collecting and sharing Personal Data
b. It has provided required notices and obtained consent where required
c. Instructions to Processor comply with Applicable Data Protection Law
d. It is responsible for the accuracy, quality, and legality of Personal Data

6. Sub-processors

6.1 The Controller authorizes Beacon Match to engage Sub-processors to provide the Services.

6.2 Beacon Match shall:

• Use Sub-processors that provide adequate data protection safeguards
• Remain responsible for Sub-processor performance
• Make available a list of Sub-processors upon request

6.3 Beacon Match will notify customers of material Sub-processor changes where required by law.

7. International Data Transfers

7.1 Personal Data may be transferred outside the EEA, UK, or Switzerland.

7.2 Where required, Beacon Match relies on:

• Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum
• Other lawful transfer mechanisms

8. Security Measures

Beacon Match implements reasonable security measures including:

• Access controls
• Encryption in transit
• Secure infrastructure
• Monitoring and logging

Security measures are designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

9. Personal Data Breach

9.1 Beacon Match shall notify the Controller without undue delay after becoming aware of a Personal Data breach affecting Personal Data processed on behalf of the Controller.

9.2 Notification will include available information required under Applicable Data Protection Law.

10. Data Subject Requests

Beacon Match shall:

• Promptly notify the Controller of data subject requests
• Not respond directly unless authorized
• Provide reasonable assistance to enable compliance

11. Deletion and Return of Data

Upon termination of the Services:

• Beacon Match shall delete or return Personal Data within a reasonable time
• Unless retention is required by law

12. Audits

12.1 Beacon Match shall make available information reasonably necessary to demonstrate compliance.

12.2 Audits shall:

• Be conducted no more than once per year
• Be subject to reasonable confidentiality and notice requirements
• Not unreasonably disrupt operations

13. Liability

Liability under this DPA is subject to limitations set forth in the underlying agreement between the parties.

14. Governing Law

This DPA shall be governed by the laws specified in the primary agreement between the parties.

15. Contact Information

Beacon Match, LLC
Location: Florida, United States
Email: support@yourdomain.com