arrobaMail
Legal document

Data Processing Agreement (DPA)

Data processing agreement between the Client (Controller) and arrobaMail/TECSID (Processor), in accordance with Argentine Law 25,326, the GDPR, and the LGPD.

Updated June 20, 2026·Version 1

This agreement complements the Privacy Policy and the Terms and Conditions, and governs the processing of personal data that arrobaMail carries out on the Client's behalf. If you need a signed version for your own compliance, write to us at [email protected].


1. Parties and purpose

  • Data Controller: the Client using arrobaMail to send campaigns to its own contacts.
  • Data Processor: TECSID de Danilo Raúl Garín (Argentine Tax ID / CUIT 23-23639244-9), the owner of the arrobaMail solution.

This agreement governs the processing of personal data of the subscribers/contacts that the Client uploads to the platform (the "Layer B" from the Privacy Policy, section 3). With respect to that data, the Client is the Controller and arrobaMail acts as Processor.

It does not cover the Client's account data (Layer A), for which arrobaMail is the Controller under its Privacy Policy.

Reseller model (white label). If the Client is a Reseller that resells the Service to its own clients, arrobaMail acts as sub-processor: it provides the infrastructure and the software, with no direct relationship with the Reseller's clients or with the subscribers they upload, and without determining the purposes or validating the lawfulness or consent behind those lists. The Reseller is responsible for having the legal basis and for entering into the appropriate data processing agreements with each of its clients, and is the point of contact for its clients and data subjects. arrobaMail will assist the Reseller to the extent reasonably corresponding to its role as sub-processor (see Terms, section 2.6).


2. Regulatory framework

This agreement is entered into in accordance with:

  • Argentina: Law 25,326 on the Protection of Personal Data (in particular its art. 25, data processors) and Decree 1558/2001.
  • European Union: Regulation (EU) 2016/679 (GDPR), especially its art. 28, when the Client or its data subjects are covered.
  • Brazil: Law 13,709/2018 (LGPD), where applicable.

3. Subject matter, duration, nature, and purpose

  • Subject matter: processing of subscriber data to provide the contracted Email Marketing Service.
  • Duration: for as long as the contractual relationship with the Client is in force, unless a legal retention obligation applies.
  • Nature and purpose: collection, storage, segmentation, sending campaigns, automations, measurement (opens, clicks, bounces, complaints, unsubscribes), and generating reports, solely on the Client's account and per the Client's instructions.
  • Types of data: identification and contact data (email — mandatory —, name, and custom fields defined by the Client) and interaction metrics.
  • Categories of data subjects: the Client's subscribers/contacts.

4. Obligations of the Processor (arrobaMail)

arrobaMail undertakes to:

  1. Process data only per the Client's documented instructions (including international transfers), unless a law requires otherwise, in which case it will inform the Client where legally possible.
  2. Ensure confidentiality, and that persons authorized to process the data assume that duty (art. 10, Law 25,326).
  3. Apply appropriate technical and organizational security measures (see Privacy Policy, section 13).
  4. Respect the conditions for engaging sub-processors (section 5).
  5. Assist the Client — to the extent possible and per the nature of the processing — in responding to data subject rights requests.
  6. Assist the Client in complying with its security, incident notification, and impact assessment obligations.
  7. At the Client's choice, delete or return the data at the end of the provision of services, unless retention is required by law (section 7).
  8. Make available to the Client the information necessary to demonstrate compliance with these obligations.

5. Sub-processors

  • The Client authorizes arrobaMail to engage the sub-processors listed in the Privacy Policy, section 10 (including, among others, Akamai/Linode, Cloudflare, Relevance AI, Google, Mercado Pago, PayPal, Payoneer, and WhatsApp).
  • arrobaMail imposes on each sub-processor protection obligations equivalent to those in this agreement.
  • arrobaMail will inform the Client of the addition or replacement of sub-processors with reasonable advance notice, giving it the opportunity to object on reasonable grounds.
  • arrobaMail is liable to the Client for the sub-processors' compliance.

6. International transfers

Part of the processing takes place outside Argentina, mainly in the United States and on Cloudflare's global network. Those transfers are covered by the guarantees described in the Privacy Policy, section 12 (necessity for the performance of the contract — art. 12, Law 25,326 —, the AAIP Resolution 60-E/2016 model contractual clauses, and GDPR Standard Contractual Clauses where applicable).


7. Return and deletion

At the end of the provision of services, and at the Client's choice, arrobaMail will delete or return subscriber data, and delete existing copies, except those it must retain under a legal, tax, security, or claims-defense obligation. Backups exist for operational continuity and infrastructure and do not constitute an individual restoration service for data deleted by the Client.


8. Security incidents

In the event of a security incident affecting personal data processed on the Client's behalf, arrobaMail will notify the Client without undue delay, with the information available, so the Client can meet its own notification obligations to the authority and to data subjects.

Incident contact: [email protected] or [email protected] (subject line: "Security").


9. Audit and information

arrobaMail will make available to the Client reasonable information to demonstrate compliance with this agreement and will cooperate with previously agreed audits or inspections, under conditions that do not compromise the security or confidentiality of other clients.


10. Client's responsibility

The Client, as Controller, warrants that it has a legal basis or consent to process its subscribers' data, that it informed them as required by law, and that its instructions comply with applicable regulations. The Client is responsible for the content of its campaigns and the lawfulness of its lists (see Anti-Spam Policy).


11. Governing law

This agreement is governed by Argentine law and forms part of the Privacy Policy and the Terms and Conditions. For Clients covered by the GDPR or the LGPD, those regimes additionally apply.


12. Contact


Last updated: June 20, 2026 — Version 1.0.

If you find a wording error or have questions about any point, write to us through the contact channel.

This page is a courtesy translation. The original, legally binding document is in Spanish. View the original Spanish document

Get started with arrobaMail
in under 5 minutes.

Free plan, AI generations included, no credit card required — and real support from a real team.

Try it free now
WhatsAppOur team replies