Orientation, pending counsel review
Data Processing Addendum
Effective 2026-06-30. This Addendum supplements the Terms of Service between you (the "Customer") and Zenith Worldwide LLC (operating b2bdatabase.net) (the "Provider") and applies where the Provider processes personal data on the Customer's behalf, or where the Customer processes personal data obtained from the Provider.
1. Roles of the parties
For the compilation and provision of contact records, the Provider acts as an independent controller. Once the Customer reveals or exports records and uses them for its own outreach, the Customer is a controller of that processing and is solely responsible for its lawful basis. Where the Provider processes Customer-supplied data (for example, suppression lists the Customer uploads), the Provider acts as the Customer's processor and processes only on the Customer's documented instructions.
2. Customer lawful-use obligations
The Customer warrants that it will process data obtained from the Provider only for legitimate B2B purposes; will establish and maintain a valid lawful basis (and any required consent) for its own outreach; will comply with CAN-SPAM, PECR/ePrivacy, CASL, the GDPR/UK GDPR, and DPDP as applicable; and will honor opt-outs, unsubscribe, and suppression requests in its own systems. The prohibited-use list in the Terms is incorporated here by reference. The Customer will not use B2B data to market to individuals as consumers and will not process special- category, sensitive, location, or minors' data.
3. Sub-processors
The Provider engages vetted sub-processors for hosting, payments, email delivery, and data verification, each bound by written terms imposing data-protection obligations no less protective than this Addendum. A current list is available on request, and the Provider will give notice of material changes so the Customer may object.
4. Security
The Provider maintains appropriate technical and organizational measures: encrypted transport, hashed credentials and API keys, role-based access, rate limits and export caps, an audit log of privileged actions, and a prohibition on full-database exports. The Provider will notify the Customer without undue delay after becoming aware of a personal-data breach affecting Customer data.
5. International transfers
Where personal data is transferred across borders, the parties will rely on a valid transfer mechanism (such as the EU Standard Contractual Clauses and the UK Addendum) as applicable. EU consumer records are held back and EU business records are gated pending the Provider's Article 14 notification program.
6. Data-subject rights and suppression
The Provider operates a permanent suppression list and a public Privacy Center, and integrates with deletion-platform requests (including the California DROP) on at least a 45-day cycle. The Provider will assist the Customer, taking into account the nature of processing, in responding to data-subject requests it receives. The Customer is responsible for data-subject requests relating to its own use of the data.
7. Audits, deletion, and term
On reasonable request and subject to confidentiality, the Provider will make available information necessary to demonstrate compliance with this Addendum. On termination, the Provider will delete or return Customer-supplied personal data except where retention is required by law or for ongoing suppression. This Addendum remains in effect for as long as the Provider processes personal data under the Terms.
8. Contact
Data-protection contact: privacy@b2bdatabase.net. Operating entity: Zenith Worldwide LLC (operating b2bdatabase.net).
This Addendum is provided for orientation and is pending review by counsel. It is not legal advice. A counter-signed DPA on the Provider's reviewed template will govern for customers who require one.