This DPA forms an integral part of the Master Services Agreement available at https://x3digital.com/terms-of-service.
Roles of the Parties
Client acts as Controller or Business. X3 acts as Processor or Service Provider under Applicable Privacy Laws.
Subject Matter and Nature of Processing
Processing includes collection, storage, analysis, transmission, reporting, optimization, troubleshooting, and quality assurance activities necessary to perform Services under the SOW.
Categories of Data Subjects
May include Client customers, website visitors, employees, business contacts, and end users.
Categories of Personal Data
May include identifiers (name, email, phone), device identifiers, IP addresses, cookie IDs, behavioral data, transactional data, and marketing interaction data.
Duration
Processing continues for the term of the Agreement and thereafter as required by law or legitimate record retention obligations.
Processor Obligations
X3 shall:
- Process Personal Data only on documented instructions
- Implement appropriate technical and organizational measures
- Ensure personnel confidentiality
- Assist with data subject rights requests
- Notify Client without undue delay upon confirmed Security Incident
- Maintain appropriate safeguards for international transfers
Subprocessors
X3 may engage Subprocessors subject to contractual data protection obligations consistent with this DPA. Upon reasonable written request, X3 will provide a general description of categories of Subprocessors.
Audit
To the extent required by law, X3 shall provide reasonable documentation to demonstrate compliance. Audits shall be limited to written responses unless otherwise legally required.
Limitation of Liability
Liability under this DPA is subject to the Limitation of Liability provisions in the MSA available at https://x3digital.com/terms-of-service.
Last Updated: January 1, 2026
