Data Processing Agreement
Last updated: 2026-07-03
This Data Processing Agreement ("DPA") is a template that forms part of the agreement between the customer ("Controller") and [COMPANY LEGAL NAME] ("Processor"). It is provided for review and is intended to be executed (counter-signed) by business customers who require it.
1. Roles
For personal data the customer submits or authorizes us to process (including Amazon Ads account data), the customer is the Controller and Zarox is the Processor.
2. Subject matter & duration
We process personal data to provide the Zarox service, for the duration of the customer's subscription and any legally required retention period thereafter.
3. Nature & purpose of processing
Automating and optimizing the customer's Amazon Advertising campaigns, including migration, bid optimization, reporting, and support.
4. Categories of data & data subjects
Account and contact data of the customer's authorized users, and advertising-account data connected by the customer.
5. Sub-processors
We engage the sub-processors listed on our Sub-processors page and remain responsible for their compliance. We will inform Controllers of material changes.
6. Security measures
We apply appropriate technical and organizational measures, including encryption of credentials at rest, access controls, and encrypted transport.
7. International transfers
Where personal data is transferred outside [JURISDICTION], we rely on Standard Contractual Clauses or another lawful transfer mechanism.
8. Assistance & breach notification
We assist the Controller with data-subject requests and, in the event of a personal-data breach, notify the Controller without undue delay.
9. Deletion or return
On termination, we delete or return personal data at the Controller's choice, subject to legal retention requirements.
10. Audits
We make available information reasonably necessary to demonstrate compliance with this DPA.
To execute this DPA for your organization, contact [PRIVACY CONTACT EMAIL].