Last updated: June 10, 2026 · GDPR Article 28
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Mintagency OÜ (registry code 16972018, Tallinn, Estonia) ("Processor", "we") and the customer ("Controller", "you") and applies whenever we process personal data on your behalf under Article 28 of the EU General Data Protection Regulation (GDPR). By using the Service to run outreach campaigns you accept this DPA.
For the personal data contained in your lead lists, campaigns, and outreach communications, you are the Controller and Mintagency OÜ is the Processor. For your own account and usage data, Mintagency OÜ is the Controller (see the Privacy Policy).
We process personal data only to provide the Service (lead discovery, campaign management, AI email drafting, sending and reply/bounce detection) for the duration of your subscription and until deletion under Section 8.
Data subjects: business contacts and representatives of the companies you target. Categories: names, business email addresses, phone numbers, job roles, company names, and publicly available firmographic information. You must not upload special categories of personal data (Article 9 GDPR).
We process personal data only on your documented instructions (including via your use of the Service), unless required otherwise by EU or Estonian law. If we believe an instruction infringes the GDPR, we will inform you.
Personnel authorised to process personal data are bound by confidentiality.
We maintain appropriate technical and organisational measures, including encryption in transit (TLS), encryption of stored mailbox credentials (AES-256-GCM), access controls, row-level data isolation between customers, and a global suppression list for opt-outs and bounces.
You authorise the following sub-processors. We will give notice of intended changes and you may object on reasonable data-protection grounds.
We will assist you, taking into account the nature of processing, in responding to data-subject requests (access, rectification, erasure, restriction, objection, portability) and in meeting your obligations under Articles 32–36. A recipient may also contact us directly at hello@mintagency.eu to be erased and added to the global suppression list.
We will notify you without undue delay after becoming aware of a personal data breach affecting your data, with the information you need to meet your Article 33/34 obligations.
On termination, we delete or return your personal data within 30 days, except where retention is required by law.
We make available the information necessary to demonstrate compliance with Article 28 and allow for and contribute to reasonable audits, including on-request documentation.
Where a sub-processor processes data outside the EEA, we rely on European Commission Standard Contractual Clauses or an equivalent adequacy mechanism.
Mintagency OÜ
Registry code: 16972018, Tallinn, Estonia
Email: hello@mintagency.eu
This DPA is a standard template provided for convenience. For high-value or regulated customers, both parties may wish to have it reviewed by their own legal counsel.
Mintreach is a product of Mintagency OÜ