Last updated: September 8, 2025

This DPA forms part of the Agreement between Jeff Johnson Group (“Provider”) and the customer (“Customer”) using dadhustleproject.com. Capitalized terms not defined here have the meanings in the Agreement or applicable data protection laws.

 

1. Scope & Roles

• Controller/Processor: For Customer Personal Data that Customer provides to Provider for processing on Customer’s behalf (e.g., account data, subscription management, support tickets), Customer is the Controller and Provider is the Processor (or Service Provider/Processor under CCPA/CPRA).

• Independent Controller: For data Provider collects and uses for its own purposes (e.g., site analytics, service improvement, fraud prevention), Provider is an independent Controller.

 

2. Processing Details

• Subject matter: Provision of the Website and subscribed services.

• Duration: Term of the Agreement + retention necessary for legal/compliance.

• Nature & purpose: Hosting, storage, transmission, support, analytics, communications, billing.

• Data types: Contact info, account data, usage/technical data, support content, limited payment identifiers (full payment data handled by payment processors).

• Data subjects: Customer’s personnel, end users, prospects/clients (as applicable).

 

3. Processor Obligations

Provider shall:
(a) process Customer Personal Data only on documented instructions from Customer (the Agreement, this DPA, feature settings, and Customer-initiated actions constitute instructions);
(b) ensure personnel confidentiality;
(c) implement appropriate technical and organizational security measures;
(d) assist Customer with reasonable technical/organizational measures, insofar as possible, with data subject requests and security incidents;
(e) notify Customer without undue delay of a personal data breach affecting Customer Personal Data;
(f) delete or return Customer Personal Data at termination, unless law requires retention; and
(g) make available information reasonably necessary to demonstrate compliance and, upon reasonable written request and subject to confidentiality/safety restrictions, allow audits once per 12 months (or after a material incident).

 

4. Sub-processors

Customer authorizes Provider to engage sub-processors for hosting, support, analytics, communications, and payments. Provider will maintain an updated list upon request and will impose data protection obligations on sub-processors at least as protective as this DPA. Customer may subscribe to updates (if offered) and may object on reasonable grounds; if unresolved, Customer may terminate the affected services.

 

5. International Transfers

Where Customer Personal Data is transferred internationally, Provider will ensure appropriate safeguards (e.g., EU Standard Contractual Clauses (controller-to-processor) and UK Addendum, as applicable). The parties incorporate the SCCs by reference and agree the Controller-to-Processor Module applies when required; Annexes are satisfied by the information in this DPA, the Agreement, and Provider’s security documentation.

 

6. Security

Provider maintains administrative, technical, and physical safeguards appropriate to the risk, including access controls, encryption in transit (HTTPS), vulnerability management, and personnel training. Details may be provided under NDA upon request.

 

7. Assistance & Requests

Provider will, to the extent feasible and legally permitted, forward or assist with data subject requests received directly by Provider relating to Customer Personal Data. Customer is responsible for responding to such requests.

 

8. CCPA/CPRA

For Customer Personal Data subject to CCPA/CPRA, Provider acts as a Service Provider or Contractor and will not: (a) sell or share such data; (b) retain, use, or disclose it for purposes other than providing the services or as otherwise permitted by law; or (c) combine it with other personal information except as allowed by law.

 

9. Miscellaneous

If there is a conflict between this DPA and the Agreement, this DPA controls to the extent of the conflict with respect to data protection. If any provision is invalid, the remainder remains in effect. This DPA is governed by the governing law in the Agreement, excluding conflicts rules.

Contact for Privacy/DPA: privacy@dadhustleproject.com (or compliance@dadhustleproject.com)