Skip to content
Contact us

PMG360 AUDIENCEIQ™

DATA PROCESSING ADDENDUM

Version 1.0

Effective Date: July 1, 2026

This Data Processing Addendum ("DPA") forms part of and is incorporated into the PMG360 AudienceIQ™ Master Services Agreement ("MSA") between PMG360, Inc. d/b/a AudienceIQ™ ("PMG360" or "Processor") and Customer ("Controller").

This DPA applies whenever PMG360 Processes Personal Data on behalf of Customer in connection with the Services.

ARTICLE 1

DEFINITIONS

For purposes of this DPA:

1.1 Applicable Privacy Laws

"Applicable Privacy Laws" means all applicable laws governing Personal Data, including:

  • GDPR (EU Regulation 2016/679)
  • UK GDPR
  • CCPA
  • CPRA
  • U.S. State Privacy Laws
  • Applicable international privacy regulations

1.2 Controller

"Controller" means the entity determining the purposes and means of Processing Personal Data.

1.3 Processor

"Processor" means the entity Processing Personal Data on behalf of a Controller.

1.4 Personal Data

"Personal Data" means information relating to an identified or identifiable natural person.

1.5 Process / Processing

"Processing" means any operation performed on Personal Data including:

  • collection
  • storage
  • analysis
  • transmission
  • retrieval
  • disclosure
  • deletion

1.6 Security Incident

"Security Incident" means unauthorized access, acquisition, disclosure, alteration, destruction, or loss of Personal Data.

1.7 Subprocessor

"Subprocessor" means any third party engaged by PMG360 to Process Personal Data in support of the Services.

ARTICLE 2

SCOPE OF PROCESSING

2.1 Subject Matter

PMG360 Processes Personal Data solely for purposes of providing the Services.

2.2 Nature of Processing

Processing activities may include:

  • hosting
  • storage
  • enrichment
  • segmentation
  • analytics
  • reporting
  • audience intelligence
  • campaign analysis
  • customer support
  • technical administration

2.3 Duration

Processing shall continue only for the duration necessary to provide Services and satisfy legal obligations.

2.4 Categories of Data

Personal Data may include:

  • names
  • email addresses
  • business contact information
  • job titles
  • company information
  • CRM records
  • audience attributes
  • marketing engagement data
  • customer-generated content

2.5 Categories of Data Subjects

Data Subjects may include:

  • employees
  • prospects
  • customers
  • vendors
  • website visitors
  • business contacts
  • marketing contacts

ARTICLE 3

CUSTOMER INSTRUCTIONS

3.1 Processing Instructions

PMG360 shall Process Personal Data only:

  • on documented instructions from Customer;
  • as required to provide the Services; or
  • as required by applicable law.

3.2 Illegal Instructions

PMG360 may refuse instructions that PMG360 reasonably believes violate Applicable Privacy Laws.

3.3 Customer Responsibility

Customer remains responsible for determining the lawfulness of Processing activities.

ARTICLE 4

CONFIDENTIALITY

4.1 Confidentiality Obligations

PMG360 shall ensure that personnel authorized to Process Personal Data:

  • are bound by confidentiality obligations;
  • receive privacy and security training;
  • access Personal Data only when necessary.

4.2 Access Restrictions

Access shall be limited based upon legitimate business needs and role-based authorization principles.

ARTICLE 5

SECURITY OF PROCESSING

5.1 Security Program

PMG360 shall maintain commercially reasonable administrative, technical, and physical safeguards appropriate to the risks presented by Processing activities.

5.2 Administrative Measures

May include:

  • security awareness training
  • access governance
  • vendor management
  • incident response planning
  • policy management

5.3 Technical Measures

May include:

  • encryption in transit
  • authentication controls
  • role-based permissions
  • logging and monitoring
  • vulnerability management
  • malware protection

5.4 Physical Measures

May include:

  • facility access controls
  • environmental protections
  • visitor management
  • secure disposal procedures

5.5 Ongoing Evaluation

PMG360 may periodically evaluate and improve security measures based upon evolving threats and industry standards.

ARTICLE 6

SUBPROCESSORS

6.1 Authorization

Customer authorizes PMG360 to engage Subprocessors necessary to provide the Services.

6.2 Subprocessor Requirements

PMG360 shall require Subprocessors to maintain contractual obligations regarding:

  • confidentiality
  • privacy
  • security
  • lawful Processing

6.3 Liability

PMG360 remains responsible for the performance of Subprocessors to the extent required by law.

6.4 Current Subprocessors

Current Subprocessors are identified in Schedule B.

PMG360 may update Schedule B from time to time.

ARTICLE 7

DATA SUBJECT RIGHTS

7.1 Assistance

PMG360 shall provide reasonable assistance to Customer in responding to requests from Data Subjects.

7.2 Covered Rights

Requests may include:

  • access
  • correction
  • deletion
  • portability
  • restriction
  • objection
  • withdrawal of consent

7.3 Direct Requests

Unless prohibited by law, PMG360 shall notify Customer if PMG360 receives a Data Subject request directly.

ARTICLE 8

SECURITY INCIDENTS

8.1 Notification

PMG360 shall notify Customer without unreasonable delay following confirmation of a Security Incident affecting Customer Personal Data.

8.2 Notification Content

Where available, notification may include:

  • description of the incident
  • categories of affected data
  • known impacts
  • mitigation measures
  • contact information

8.3 Investigation

PMG360 shall take commercially reasonable measures to:

  • investigate;
  • contain;
  • remediate; and
  • mitigate

Security Incidents.

8.4 No Admission

Security Incident notifications shall not constitute admission of fault or liability.

ARTICLE 9

PRIVACY IMPACT ASSESSMENTS

9.1 Assistance

PMG360 shall provide reasonable assistance where Customer is legally required to conduct:

  • Data Protection Impact Assessments (DPIAs);
  • Transfer Impact Assessments (TIAs);
  • privacy risk assessments.

9.2 Cost Recovery

Extensive assistance beyond standard documentation may be billable at PMG360's then-current professional services rates.

ARTICLE 10

AUDITS

10.1 Security Documentation

Upon reasonable request, PMG360 may provide:

  • security summaries;
  • compliance documentation;
  • questionnaire responses;
  • audit reports, if available.

10.2 Audit Limitations

Customer audits must:

  • occur no more than annually;
  • avoid disruption;
  • maintain confidentiality;
  • be reasonable in scope.

10.3 Alternative Evidence

PMG360 may satisfy audit requests through security certifications, reports, questionnaires, or equivalent documentation.

ARTICLE 11

RETURN AND DELETION

11.1 Return or Deletion

Upon termination of Services and written request, PMG360 shall:

  • return Personal Data; or
  • securely delete Personal Data.

11.2 Exceptions

PMG360 may retain data where required:

  • by law;
  • for legal defense;
  • for tax compliance;
  • for backup recovery processes.

11.3 Backup Systems

Residual copies maintained in secure backups may remain until overwritten in the normal course of business.

ARTICLE 12

INTERNATIONAL DATA TRANSFERS

12.1 Transfer Mechanisms

Where legally required, the parties shall implement:

  • Standard Contractual Clauses (SCCs);
  • UK International Data Transfer Addendum;
  • other lawful transfer mechanisms.

12.2 Cooperation

The parties shall reasonably cooperate to execute required transfer documentation.

ARTICLE 13

CCPA / CPRA ADDENDUM

13.1 Service Provider Status

To the extent applicable, PMG360 acts as a Service Provider under the CCPA and CPRA.

13.2 Restrictions

PMG360 shall not:

  • sell Personal Information;
  • share Personal Information for cross-context behavioral advertising except as authorized by Customer;
  • retain Personal Information beyond authorized purposes.

13.3 Permitted Uses

PMG360 may Process Personal Information solely to:

  • provide Services;
  • maintain security;
  • improve functionality;
  • comply with law;
  • perform internal business operations.

13.4 Assistance

PMG360 shall reasonably assist Customer in responding to verified consumer rights requests.

ARTICLE 14

LIABILITY

Liability arising under this DPA shall be governed by the liability limitations set forth in the MSA.

ARTICLE 15

ORDER OF PRECEDENCE

In the event of conflict:

  1. Standard Contractual Clauses (if applicable)
  2. This DPA
  3. Master Services Agreement

SCHEDULE A

DESCRIPTION OF PROCESSING

Controller: Customer

Processor: PMG360, Inc. d/b/a AudienceIQ™

Purpose of Processing:

  • Audience intelligence
  • Data enrichment
  • Analytics
  • Reporting
  • Customer support
  • Marketing intelligence services

Duration: Subscription Term plus lawful retention period

SCHEDULE B

AUTHORIZED SUBPROCESSOR CATEGORIES

  • Cloud hosting providers
  • CRM providers
  • Marketing automation providers
  • Analytics providers
  • Data enrichment providers
  • Security providers
  • Customer support platforms
  • Identity and authentication providers
  • Backup and disaster recovery providers

VERSION CONTROL

Version Date Description
1.0 July 1, 2026 Initial Production Release

DOCUMENT INFORMATION

Document Name: PMG360 AudienceIQ™ Data Processing Addendum

Version: 1.0

Effective Date: July 1, 2026

Owner: PMG360, Inc. d/b/a AudienceIQ™

Business Address:

125 Half Mile Road, Suite 200
Red Bank, NJ 07701

Status: Production Release