This Data Processing Agreement (“DPA”) is entered into between:
and is incorporated into the Terms of Service of the Synctrack app. The purpose of this DPA is to ensure compliance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679).
This DPA is effective as of the date the Merchant begins using the Synctrack app.
The following terms shall have the meanings set forth below:
1.1 Personal Data: Any information relating to an identified or identifiable natural person as defined in Article 4(1) of the GDPR.
1.2 Processing: Any operation or set of operations performed on Personal Data, as defined in Article 4(2) of the GDPR.
1.3 Data Controller: The Merchant, who determines the purposes and means of the processing of Personal Data.
1.4 Data Processor: Synctrack, who processes Personal Data on behalf of the Data Controller.
1.5 Sub-Processor: Any third party engaged by the Data Processor to process Personal Data.
1.6 Applicable Laws: All laws and regulations, including GDPR, applicable to the processing of Personal Data.
2.1 This DPA governs the processing of Personal Data by the Data Processor on behalf of the Data Controller in connection with the use of Synctrack.
2.2 The processing activities involve syncing PayPal tracking information, managing order data, and related services as specified in the Synctrack app.
2.3 The types of Personal Data processed include:
2.4 The Data Processor will only process Personal Data in accordance with the Data Controller’s written instructions and this DPA.
The Data Processor agrees to:
3.1 Compliance with Instructions: Process Personal Data only as instructed by the Data Controller and in compliance with GDPR and other Applicable Laws.
3.2 Confidentiality: Ensure that persons authorized to process the Personal Data are bound by confidentiality obligations.
3.3 Security Measures: Implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, destruction, or alteration, including but not limited to:
3.4 Data Breach Notification: Notify the Data Controller without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data Breach, providing sufficient information to enable the Data Controller to comply with its legal obligations.
3.5 Assistance: Assist the Data Controller in fulfilling its GDPR obligations, including:
3.6 Sub-Processors:
3.7 Deletion or Return of Data: Upon termination of the relationship, delete or return all Personal Data to the Data Controller, unless Applicable Laws require retention.
The Data Controller agrees to:
4.1 Ensure that the processing of Personal Data complies with GDPR and other Applicable Laws.
4.2 Obtain all necessary consents from data subjects to allow the Data Processor to process Personal Data as outlined in this DPA.
4.3 Provide clear and documented instructions to the Data Processor for the processing of Personal Data.
4.4 Notify the Data Processor promptly about:
5.1 The Data Processor is permitted to engage Sub-Processors for specific processing activities, including:
5.2 The Data Processor will maintain a list of Sub-Processors and share it with the Data Controller upon request.
5.3 The Data Processor will ensure that each Sub-Processor agrees to comply with obligations equivalent to those set forth in this DPA.
6.1 Personal Data will only be transferred to countries outside the European Economic Area (EEA) if such transfers comply with GDPR.
6.2 The Data Processor will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
7.1 In the event of a Personal Data Breach, the Data Processor will provide the following details to the Data Controller:
7.2 The Data Processor will assist the Data Controller in fulfilling any notification obligations required by GDPR.
8.1 This DPA shall remain in effect as long as the Data Processor processes Personal Data on behalf of the Data Controller.
8.2 Upon termination, the Data Processor will delete or return all Personal Data unless Applicable Laws require otherwise.
9.1 Each party will be liable for any damages caused by its non-compliance with this DPA or GDPR.
9.2 The Data Processor is only liable for processing activities it performs under the instructions of the Data Controller.
This DPA shall be governed by and construed in accordance with the laws of [Your Country or EU Member State].
For all inquiries related to this DPA, please contact:
Synctrack Support
Email: [email protected]
Address: 8th floor, Hoa Cuong Building 18/11 Thai Ha, Dong Da Dist, Hanoi