markitel
Last updated · July 3, 2026
This Data Processing Addendum template describes the baseline data-processing terms Markitel expects to use with approved business, broker, API, webhook, co-brand, and pilot partners when personal data is processed for a partner purpose. It is a template and transparency artifact, not a signed agreement by itself. A signed partner agreement, order form, or countersigned DPA controls if it conflicts with this page.
Depending on the feature and relationship, Markitel may act as an independent controller for its own platform operations or as a processor/service provider for limited partner-directed processing. The approved commercial schedule or signed DPA must identify the parties' roles, processing purpose, data categories, data subjects, authorized users, retention period, and any special restrictions before production personal data is shared.
Markitel will process partner-related personal data only to provide the agreed services, operate security and fraud controls, maintain records required by law, support users and partners, produce authorized reporting, and comply with documented lawful instructions. Markitel will not sell partner personal data or use it for unrelated advertising profiles.
Markitel applies technical and organizational measures appropriate to the service, including HTTPS, managed hosting and database infrastructure, access controls, credential separation, secret masking, least-privilege operational patterns, audit-oriented readiness checks, and incident escalation paths. No security measure eliminates all risk, and each partner remains responsible for its own systems, credentials, users, and legal basis for sharing data.
Markitel may use the sub-processors and service providers listed at /legal/subprocessors to provide the platform. Where a signed DPA requires notice or objection rights for new sub-processors, those rights must be handled through the signed agreement or commercial schedule. Markitel remains responsible for using service providers in a manner consistent with the applicable agreement.
If Markitel receives a request from a data subject about partner-controlled data, Markitel may redirect the requester to the partner or assist as required by the signed agreement and applicable law. Partners must provide a valid contact path, lawful basis, and response process for requests involving data they direct Markitel to process.
At termination or expiration of the applicable partner relationship, Markitel will delete, return, anonymize, or retain partner-related personal data as stated in the signed agreement and as required for legal, security, billing, dispute, audit, or compliance purposes. Production deletion promises should not be made unless the relevant data map and retention path are confirmed.
Markitel and its providers may process data in the United States, European Economic Area, and other jurisdictions where its infrastructure or service providers operate. If transfer safeguards such as Standard Contractual Clauses, UK addenda, or similar mechanisms are required, they must be incorporated into the signed DPA or commercial agreement.
Historical broker, trader, dispute, or other sensitive partner data must not be imported into Markitel until written scope, privacy review, access controls, retention/deletion terms, and any required DPA or equivalent data-handling terms are in place. Synthetic demos and anonymized dry-runs are separate from production personal-data processing.
For DPA requests, privacy questions, or sub-processor inquiries, contact privacy@markitel.com. For commercial execution, contact the Markitel business owner listed in the applicable partner agreement or order form.