Features
Influencer API
Pricing
Customers
Resources
Free Tools
Free Lists of Top Influencers
Blog
Creator economy reports & case studies

DATA PROCESSING AGREEMENT (“DPA”)

This DPA sets out the data‑protection terms that apply whenever OneMore InfluencersClub OÜ (“Influencers.club“, “we“, “us“, “our“) Processes Personal Data on behalf of a business customer (“Customer“, “you“) under the Terms of Service, Master Subscription Agreement or other written contract that governs your use of our platform and services (the “Main Agreement“).
By accessing or using the Services after the Effective Date, you agree that this DPA is incorporated into—and forms part of—the Main Agreement.

1. Definitions

Capitalized terms not defined here have the meanings given in the Main Agreement or the GDPR.

 

          Term                                                                     Meaning

“Data Protection              EU GDPR 2016/679, UK GDPR & DPA 2018, Swiss FADP, and any
Laws”                                 applicable laws governing the Processing of Personal Data.

“Customer Data”              Personal Data that Customer uploads to, or Processes through, the
                                            Services.

“SCCs”                               The EU Standard Contractual Clauses (Commission Implementing
                                           Decision (EU) 2021/914) module 2 (controller→processor), including
                                           the UK International Data Transfer Addendum where applicable.

Other GDPR terms          “Controller”, “Processor”, “Data Subject”, “Personal Data”,
                                            “Processing”, and “Supervisory Authority” have the meanings set out
                                            in the GDPR.

2. Roles and Scope

  • Customer acts as Controller and determines the purposes and means of Processing Customer Data.
  • Influencers.club acts as Processor and Processes Customer Data solely:
     a. to provide, maintain and secure the Services;
     b. on Customer’s documented instructions; or
     c. as required by law.

 

A high‑level description of the Processing is in Annex I (Details of Processing).

3. Processor Obligations

1. Confidentiality – We ensure personnel are under binding confidentiality obligations.

 

2. Security – We implement and maintain the technical & organisational measures in Annex II (and any updated version we publish that does not materially diminish protection).

 

3. Sub‑Processors – We may engage qualified third parties (e.g., cloud providers or email infrastructure) as Sub‑Processors. We impose equivalent data‑protection terms and remain liable for their acts. A current list is available on request.

 

4. Data Subject Rights – We assist you, at your cost, in responding to Data‑Subject requests (access, rectification, erasure, etc.) that relate to Customer Data.

 

5. Breach Notification – We will notify you without undue delay (and in any event within 24 hours of awareness) of any Personal‑Data Breach affecting Customer Data and will provide timely information to assist you in meeting breach‑reporting obligations.

4. Liability

Each Party’s aggregate liability arising from or in connection with this DPA is subject to the limitations of liability in the Main Agreement, except to the extent such limitations are prohibited by Data Protection Laws.

5. Conflicts

If there is a conflict between this DPA and the Main Agreement, this DPA prevails on matters of data protection. If the SCCs apply, the SCCs prevail over both.

ANNEX I – DETAILS OF PROCESSING

        Field                                                                         Description

Subject matter                Provision of Influencer discovery, analytics and outreach functionality;
& purpose                        sending outreach emails on Customer’s behalf.

Duration                          Term of the Main Agreement plus data retention period

Categories of                  Influencers/creators; Customer’s users; outreach recipients provided by
Data Subjects                  Customer.

Categories of                  Names, usernames, contact data (email, social handles), publicly
Personal Data                 available profile information, system logs. We do not seek to Process
                                          special categories.

Frequency of                   Continuous, as initiated by Customer.
transfer

Retention                         As stated in § 3.5 above.

ANNEX II – TECHNICAL & ORGANISATIONAL MEASURES

  1. Access Control – Role‑based access, least privilege, MFA for privileged accounts.

  2. Encryption – TLS 1.2+ in transit; AES‑256 at rest.

  3. Physical Security – Data hosted in ISO 27001/SSAE‑18 certified data centres (e.g., AWS eu‑central‑1).

  4. Network Security – Segmented VPCs, firewalls, IDS, vulnerability scans.

  5. Monitoring & Logging – Centralised, tamper‑evident logs with 24 × 7 alerting.

  6. Vendor & Change Management – Security due‑diligence for vendors; CI/CD with code review.