CRE Finder
Draft — under legal review. This page reflects a standard SaaS DPA template and will be replaced with the final counsel-reviewed version before being relied upon for contractual purposes. If you need a signed DPA today, email hello@crefinder.ai.

Data Processing Addendum

Last updated: 2026-05-13

This Data Processing Addendum ("DPA") forms part of the agreement between CRE Finder, Inc. ("CRE Finder") and the customer ("Customer") for the provision of the CRE Finder services and reflects the parties' agreement with respect to the processing of personal data.

1. Definitions

Capitalized terms not otherwise defined herein have the meanings given to them in the GDPR or CCPA, as applicable. "Personal Data", "Processing", "Controller", "Processor", and "Data Subject" have the meanings given in the GDPR.

2. Roles of the parties

With respect to Personal Data processed in connection with the services, Customer is the Controller and CRE Finder is the Processor. CRE Finder will process Personal Data only on documented instructions from Customer.

3. Scope and nature of processing

CRE Finder processes Personal Data only as necessary to provide the services, comply with legal obligations, or as expressly instructed by Customer. Categories of Personal Data and Data Subjects are as set forth in the order form or as reasonably necessary for the services.

4. Subprocessors

Customer authorizes CRE Finder to engage Subprocessors to process Personal Data on Customer's behalf. CRE Finder will maintain a current list of Subprocessors available upon request and will impose on each Subprocessor obligations no less protective than those in this DPA.

5. Security

CRE Finder will implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Measures include encryption in transit and at rest, access controls, audit logging, and regular security testing.

6. Data subject rights

Taking into account the nature of the processing, CRE Finder will assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer's obligation to respond to requests for exercising Data Subject rights under applicable data protection law.

7. Personal data breach notification

CRE Finder will notify Customer without undue delay after becoming aware of a Personal Data Breach, including providing information reasonably necessary to allow Customer to fulfill its notification obligations to supervisory authorities and Data Subjects.

8. Audit rights

Customer or its mandated auditor may audit CRE Finder's compliance with this DPA up to once per calendar year, subject to reasonable notice and confidentiality obligations. CRE Finder will make available all information necessary to demonstrate compliance.

9. International transfers

Where Personal Data is transferred outside the EEA, UK, or Switzerland, the parties will rely on Standard Contractual Clauses or another approved transfer mechanism. CRE Finder will provide a copy of the applicable transfer mechanism upon request.

10. Return and deletion

Upon termination of the services, CRE Finder will, at Customer's choice, return or delete all Personal Data unless retention is required by applicable law.

11. CCPA-specific terms

Where the California Consumer Privacy Act applies, CRE Finder is a "Service Provider" (and not a "Third Party") and will not retain, use, or disclose Personal Information for any purpose other than providing the services.

12. Contact

Questions about this DPA can be directed to hello@crefinder.ai.

Ready when you are

Your next acquisition is already in our database.

Start with a free preview. See the match count. Unlock the list when it looks right.

15 min · no slides · cancel anytime