Data Processing (GDPR)

This Data Processing Agreement ("DPA") forms part of the Contract for Services between GramPixel and its customers. This DPA applies to the processing of personal data by GramPixel on behalf of the customer in accordance with GDPR (EU Regulation 2016/679).

GramPixel processes personal data solely for the purpose of providing its tracking and analytics services. The categories of data subjects include end users of our customers' websites and the customer's own employees or representatives.

Types of personal data processed include: IP addresses, browser metadata, click events, conversion data, and user identifiers provided by our customers.

GramPixel implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of personal data in transit and at rest, regular testing and evaluation of security measures, and access controls limiting data access to authorized personnel only.

GramPixel may engage sub-processors to assist in providing the services. A current list of sub-processors is maintained and available upon request. We will notify customers of any intended changes to sub-processors, giving them the opportunity to object.

GramPixel will assist the customer in fulfilling its obligation to respond to requests for exercising the data subject's rights under GDPR, including the right of access, rectification, erasure, data portability, and the right to object to processing.