Data Processing Agreement

Last Updated: 10/10/2025

1. Purpose and Scope

This Data Processing Agreement ("DPA") supplements our Privacy Policy and Terms of Service. It governs how KEG Executive Management processes personal data when providing services to clients.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual

  • Processing: Any operation performed on personal data

  • Controller: Entity that determines purposes and means of processing (typically Client)

  • Processor: Entity that processes personal data on behalf of Controller (KEG)

3. Data Processing Activities

In providing our services, we may process personal data including:

  • Employee information (names, contact details, roles)

  • Customer data (as needed for operational analysis)

  • Competitive intelligence data (publicly available information)

  • CRM data (for Go High Level implementation services)

4. Our Obligations as Processor

KEG Executive Management agrees to:

  • Process personal data only as instructed by the client

  • Ensure confidentiality of all personnel who access personal data

  • Implement appropriate technical and organizational security measures

  • Assist with data subject rights requests

  • Delete or return personal data at end of engagement

  • Notify client of any data breaches without undue delay

5. Security Measures

We implement industry-standard security measures including:

  • Encryption of data in transit and at rest

  • Access controls and authentication

  • Regular security assessments and updates

  • Secure data storage and backup procedures

  • Employee training on data protection

6. Sub-Processors

We may engage sub-processors to assist in providing services. Current sub-processors include:

  • Go High Level (CRM services)

  • Stripe (payment processing)

  • Cloud hosting providers (data storage)

All sub-processors are contractually bound to equivalent data protection obligations. Clients will be notified of any changes to sub-processors.

7. Data Subject Rights

We will assist clients in fulfilling data subject rights requests including:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to data portability

  • Right to object

8. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the client without undue delay (within 48 hours when possible)

  • Provide details of the breach and affected data

  • Describe measures taken or proposed to address the breach

  • Cooperate with client in notifying authorities and data subjects as required

9. International Data Transfers

We primarily process data within the United States. Any international data transfers will be conducted in compliance with applicable data protection laws using appropriate safeguards such as Standard Contractual Clauses.

10. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our engagement or as required by law. Upon request or termination of services, we will securely delete or return all personal data unless retention is required by law.

11. Audits and Compliance

We will make available to clients information necessary to demonstrate compliance with data protection obligations and allow for audits (with reasonable notice and during business hours).

12. Contact for Data Protection

For questions about data processing or to exercise data subject rights:

KEG Executive Management

Email: [email protected]

Location: Salt Lake City, UT

KEG Executive Management

Scaling SMBs through expert operational leadership and strategic guidance.

USA & Worldwide

Company

Executive Mindfulness Coach

Stay Connected

Subscribe to our newsletter for insights and updates.

© 2025 KEG Executive Management. All rights reserved.