Skip to content
Moises Santos LogoMoises Santos

Data Processing Addendum

This Data Processing Addendum ("DPA") is entered into by and between Moises Santos ("Data Controller" or "we") and you ("Data Subject" or "you"). This DPA supplements and forms part of the agreement for the provision of services through mzsantoz.com. In the event of any conflict between any agreement and this DPA, the terms and conditions of this DPA will control.

1. Definitions

"EU GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

"Processing" has the meaning ascribed to it in the EU GDPR, and "Process" will be construed accordingly.

"Personal Data" has the meaning ascribed to it in the EU GDPR.

2. Data Processing and Security Responsibilities

We will each comply with all privacy laws that apply to it (including, where applicable, the EU GDPR) in relation to any Personal Data Processed in connection with this website, as set out in Annex A to this DPA.

3. Data Subject Obligations

You agree that you have:

  • provided accurate and up-to-date Personal Data to the extent you choose to share such information;
  • obtained all necessary consents and provided all necessary notices to permit us to Process your Personal Data in accordance with this DPA;
  • understood that you may withdraw your consent at any time, though this may affect your ability to use certain features of this website.

4. Our Obligations

In the course of Processing Personal Data in connection with this website, we will:

  • only Process Personal Data for the purposes of operating this website and as otherwise instructed by you, and not Process any Personal Data in any other manner unless required to do so by applicable law, including applicable laws of the European Union (EU) or the laws of an EU Member State. We will notify you before complying with any such requirement unless the law prohibits such information on important grounds of public interest;
  • immediately inform you if, in our opinion, any instruction received from you infringes the EU GDPR;
  • notify you without undue delay of any request received from individuals relating to the individual's right to access, modify, correct, erase or restrict the Processing of Personal Data or to exercise their right of data portability or objection in accordance with the EU GDPR, and assist you to comply with such a request;
  • notify you without undue delay of any request or other correspondence received in connection with the Processing of Personal Data under this DPA from a supervisory authority;
  • implement physical, technical, administrative and organizational measures (including those set out in Annex B) appropriate to the sensitivity of the Personal Data to protect the Personal Data against loss, theft, destruction, damage, alteration and unauthorized or unlawful access, use, disclosure or other Processing;
  • ensure personnel who are authorized to Process the Personal Data are bound to protect the confidentiality of the Personal Data by either a commitment to confidentiality or an appropriate statutory obligation of confidentiality;
  • to the extent required by the EU GDPR and upon your request, provide all reasonable assistance in connection with your obligations under the EU GDPR to carry out a data protection impact assessment.

5. Audit Rights

We will provide you (or your representatives) with access to relevant records for the purposes of verifying our compliance with this DPA, subject to reasonable notice and confidentiality obligations.

6. Subcontracting

You acknowledge and agree that we will use sub-processors (as listed in Annex C) to provide services related to this website. We will enter into a written agreement with each such sub-processor that imposes obligations on the sub-processor that are substantially similar to those imposed on us under this DPA. Where such sub-processors fail to fulfil their data protection obligations, we will remain fully liable to you for the performance of those sub-processor's obligations. Prior to appointing any new sub-processor in addition to or in lieu of those listed in Annex C, we will notify you of such sub-processors, whereupon you will have 30 days to object to such appointment by providing detailed reasons for such objection.

7. Security Breach Notification

We will notify you without undue delay upon becoming aware of any loss, theft, damage or unauthorized or unlawful access to or use, disclosure or other Processing of Personal Data ("Privacy Breach").

We will assist you with complying with your obligations in notifying individuals affected by a Privacy Breach and supervisory authorities to the extent required by the EU GDPR.

8. Termination

Upon your request or at such other times as instructed by you in writing, we will immediately return (or, upon your written instruction, securely dispose of) each and every original and copy in every media of all Personal Data in our possession or control unless applicable laws of the EU or the law of an EU Member State requires storage of the Personal Data.

ANNEX A - DATA PROCESSING DESCRIPTION

Subject-matter and duration of the Processing

This website processes Personal Data for the purpose of providing information about services, enabling contact and communication, and managing blog subscriptions. The duration of the Processing lasts for as long as you interact with this website and as long as any lawful purposes continue to exist.

Nature and purposes of the Processing

Personal Data are Processed for the following purposes:

  • managing contact form submissions and communications;
  • sending CV documents via email upon request;
  • managing mentorship program applications and waitlist;
  • sending email notifications and updates (where you have consented);
  • analyzing website usage through analytics (where you have consented).

Data Categories

The following categories of Personal Data are involved:

  • Contact information, which may include first name, last name, email addresses;
  • Any other Personal Data that you may choose to provide through contact forms or other interactions.

The Personal Data may include Personal Data about visitors to this website who choose to provide such information.

ANNEX B - SECURITY MEASURES

The following security measures have been implemented to help safeguard the Personal Data:

  • All data transmission is encrypted in-transit using transport layer security (TLS) over HTTPS;
  • Sensitive information is encrypted at-rest where applicable;
  • Access to Personal Data is restricted to authorized personnel only and requires authentication;
  • Our hosting provider (Vercel) implements industry-standard security measures for infrastructure protection;
  • Regular security reviews and updates are performed to maintain protection standards;
  • Data backup and recovery procedures are in place to prevent data loss.

ANNEX C - SUBCONTRACTORS

Below is the list of sub-processors:

Vercel Inc.

Essential cloud hosting provider for website infrastructure.

340 S Lemon Ave #4133, Walnut, CA 91789, United States

Privacy Policy: https://vercel.com/legal/privacy-policy

DPA: https://vercel.com/legal/dpa

Resend

Email delivery service for contact forms, CV delivery, and notifications.

Privacy Policy: https://resend.com/legal/privacy-policy

Google Tag Manager

Website analytics and tag management (where consent is provided).

1600 Amphitheatre Parkway, Mountain View, CA, United States

DPA: https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html

Last updated: October 2025

For questions regarding this DPA, please contact us through the contact form.

Check my latest contributions

Get instant access to my experience building high-impact platforms. I'll also send you my LinkedIn profile to stay connected.