This agreement is between
Data Processor or MillionVerifier: MillionVerifier Limited, a company registered in England and Wales, 30 Brunel Road, Manor Trading Estate, Benfleet, SS7 4PS, United Kingdom
Data Controller: a person or company that controls the personal data processed using MillionVerifier Services.
Website: MillionVerifier.com and any of its subdomains.
Service or Services: all content, services and products available at, or through the Website, including, but not limited to, verifying email addresses using MillionVerifier's Website or API.
API: Automated application programming interface to connect MillionVerifier's Services with other websites, servers or applications.
Personal Data: any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Data Subject: an individual to whom Personal Data relates.
Data Processing: processing of data on behalf of the Data Controller.
GDPR: General Data Protection Regulation (EU) 2016/679
Nature, purpose and subject of Data Processing
The purpose of processing is to identify whether an email address exists. This verification happens in an online, fully automated system. The subject matter of the contract is email verification.
Type of Personal Data
For the purpose of verifying an email address MillionVerifier requires the email address only, it is a contact data.
Categories of Data Subject
Data Subjects may fall into any of the following categories: customers, potential customers, subscribers, employees, suppliers, agents, contact persons, or any other categories.
It is agreed that by signing this Data Protection Agreement any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this contract relieves the Data Processor nor the Data Controller of its own direct responsibilities and liabilities under the GDPR.
The Data Processor provides the Data Controller with whatever information it needs to ensure they both meet the obligations under GDPR. The Data Controller is responsible for maintaining Data Subjects’ rights. The Data Processor assists the Data Controller allowing Data Subjects to exercise their rights.
The Data Processor ensures that people accessing the Personal Data are subject to a duty of confidence. The Data Processor may not use sub-processors without the prior written authorisation of the Data Controller.
The Data Processor will keep all Personal Data confidential and not disclose such data to third parties unless it has been authorised by the Data Controller or is required by law.
The Data Controller must have a lawful basis before beginning processing and should document it. The Data Processor reserves the right to ask the Data Controller for their documented lawful basis for processing. If requested the Data Controller must present their documented lawful basis for processing immediately but not later than 7 days.
Duration of Processing
Real time Data Processing through real time API takes no longer than 1 minute. Data uploaded in files – whether uploaded manually or using bulk API – may be processed as soon as possible after the verification initiated by the Data Controller but cannot take longer than 7 days. In terms of this agreement the Data Controller may initiate Data Processing as long as MillionVerifier provides its Services.
Cross Border Transfer of Personal Data
The Data Processor stores and processes Personal Data on its servers in the European Union only.
Security of Processing
The Data Processor takes appropriate measures to ensure the security of Data Processing. The Data Processor provides SSL protection on all its Website. The Data Processor does not store Personal Data processed through single API calls. Servers that process or store raw data are accessible through the Data Processor’s own virtual private network only. The Data Processor stores result files in an encrypted format.
The data is processed automatically on the Data Processor’s servers, without human interaction. If the Data Controller requests, or in certain cases when Data Processor wishes to review user activities, the Data Processor’s colleagues have the right to review files uploaded and result files provided on the Data Processor’s Website. In case the Data Processor need to investigate a complaint, the Data Processor might process or re-process data through its system. The Data Processor makes sure the colleagues are vetted and trained before allowing them to complete any review. This review happens in a safe environment, all files are deleted after review.
From time to time the Data Processor might use contractors to develop its Services. These contractors must specifically agree not to use data other than specifically requested by the Data Processor. All employees and contractors of the Data Processor accessing Personal Data are required to sign a non-disclosure agreement. The Data Processor completes data protection impact assessments at least once a year and takes necessary actions to improve data security if any improvement areas are found.
Deletion of Personal Data
The Data Processor stores original and results files for up to 2 months only, after this period all files are automatically and permanently deleted.
Data Controller may delete their files at any time.
Personal Data processed using real time API are not stored at all by the Data Processor.
Personal Data Breach
The Data Processor will notify the Data Controller about any Personal Data breaches – including but not limited to accidental or unlawful access or disclosure - within 72 hours of becoming aware of the breach.
The Data Processor shall not be liable for any of the Data Controller’s claims, damages, losses, expenses, costs or other liability in the event of Personal Data breach or loss under any circumstances.
The Data Processor agrees to coordinate with supervisory authorities.
Instructions and Logs
The Data Controller must instruct the Data Processor to process Personal Data. The Data Processor will process as and when the Data Controller instructs. The Data Processor provides a fully automated system where the Data Controller can initiate Data Processing.
- When the Data Controller manually uploads Personal Data in a file for verification, the Data Controller must click on a button to start/initiate verification.
- Files containing Personal Data uploaded using bulk API will be started automatically.
- Personal Data processed using real time API is processed automatically.
The Data Processor keeps logs of all activities. Such as but not limited to file upload, results download, number of successful API calls.
Either party may terminate this agreement by giving each other 1 weeks notice in writing. If both parties agree to a new Data Protection Agreement, it is effective immediately after signature.
This agreement, and any dispute or claim arising out of or in connection with it shall be governed by the law of England.
MillionVerifier Limited, 152-160 City Road, London, England, EC1V 2NX, United Kingdom.