Legal
Data Processing Agreement
Last updated: June 2025
This Data Processing Agreement applies where L'azar List processes personal data on behalf of a client as part of service delivery.
Roles
The client is the Controller. L'azar List is the Processor. We process personal data only on the Controller's documented instructions.
Security measures
We implement appropriate technical and organisational measures to protect personal data. All contact data is processed within an isolated, locally encrypted layer and is never transferred to external cloud environments in raw form.
Sub-processors
We use a limited number of trusted sub-processors, including secure communication API infrastructure. A current list is available on request with 30 days notice of material changes.
Data subject rights
We assist Controllers in responding to data subject rights requests within the statutory timeframe at no additional cost.
Breach notification
We will notify you of any confirmed personal data breach within 72 hours of becoming aware of it.
Requesting a signed DPA
Contact us via our contact page and we will provide one within 5 working days.