Muhammad Youssef | Revenue Architect

1. Purpose and Scope

This Data Processing Agreement ('DPA') governs the processing of personal data when Muhammad Youssef ('Processor') provides marketing consulting services to clients ('Controller'). This DPA ensures compliance with GDPR (EU 2016/679) and applicable data protection laws. It applies when the Processor handles personal data on behalf of the Controller during service delivery.

2. Roles and Responsibilities

Controller: The client organization determines the purposes and means of processing personal data. Controller is responsible for ensuring lawful basis for processing, obtaining necessary consents, and maintaining data subject rights. Processor: Muhammad Youssef acts as Processor when handling client data during marketing consulting engagements. Processor processes data only on documented instructions from Controller and implements appropriate security measures.

3. Data Processing Details

Nature of Processing: Analysis of marketing campaign data, audience analytics, and campaign performance metrics. Purpose: To provide marketing consulting services including campaign strategy development, performance optimization, and multi-channel execution support. Types of Data: Business contact information, campaign performance data, audience analytics, and marketing metrics (no sensitive personal data unless explicitly agreed). Data Subjects: Client's marketing audiences, business contacts, and campaign participants as relevant to the engagement.

4. Security Measures

The Processor implements appropriate technical and organizational measures: Encryption of data in transit and at rest, access controls and authentication, regular security assessments, secure data storage via trusted providers (Vercel, Google Workspace), and confidentiality obligations for all personnel. Data is processed within the EU/EEA where possible. Any data transfers outside the EU comply with GDPR requirements (Standard Contractual Clauses or adequacy decisions).

5. Subprocessors

The Processor may engage the following subprocessors: Vercel Inc. (hosting and analytics), Google LLC (workspace and analytics), Cal.com (scheduling), and other tools as specified in Service Agreement. The Controller will be notified of any changes to subprocessors with 30 days' notice and opportunity to object.

6. Data Subject Rights and Breach Notification

The Processor will assist the Controller in responding to data subject requests (access, rectification, erasure, portability). In case of a personal data breach, the Processor will notify the Controller without undue delay (within 48 hours of becoming aware) and provide necessary information for breach notification to authorities.

7. Data Retention and Deletion

Upon termination of services, the Processor will delete or return all personal data as instructed by the Controller (typically within 30 days). The Processor may retain data longer only if required by law. For DPA inquiries:
Email: ask@mo-yf.me