Data Processing Addendum (DPA)

Version 1.0 Β· Last updated 7/11/2026

1. GDPR-compliant provisions

This Addendum forms part of the agreement between you (Controller) and Instant Quote Creator (Processor) and reflects the parties' agreement with respect to the processing of personal data under the GDPR and equivalent laws.

2. Processor obligations

  • Process personal data only on documented instructions.
  • Ensure persons authorized to process are bound by confidentiality.
  • Implement appropriate technical and organizational measures.
  • Assist Controller in responding to data subject requests.
  • Notify Controller without undue delay of personal data breaches.
  • Delete or return personal data at the end of the engagement (Controller's choice).

3. Security requirements

Encryption in transit (TLS 1.2+) and at rest for sensitive fields; RBAC; logging and monitoring; vendor due diligence; periodic penetration testing; documented incident response plan.

4. Sub-processors

We maintain an up-to-date list of sub-processors. We will notify Controller of changes at least 30 days in advance and give Controller a right to object on reasonable grounds.

5. Data transfer mechanisms

Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (Module 2 / Module 3 as applicable) and the UK IDTA addendum where relevant, supplemented by documented Transfer Impact Assessments.

6. Audits

Controller may audit Processor's compliance with this DPA once per year, at Controller's expense, on at least 30 days' written notice, subject to confidentiality and minimal disruption.

7. Liability

Processor's liability under this DPA is subject to the limitations of liability set out in the main agreement.

By browsing or using instantquotecreator.com, you acknowledge that you have read and consent to this document. No signature or checkbox is required for general site use.