
Synctrack Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is entered into between:

  1. Synctrack Sync PayPal Tracking (“Data Processor”), a Shopify app operated by [Your Company Name and Address], and
  2. Merchant (“Data Controller”), the user of Synctrack Sync PayPal Tracking app,

and is incorporated into the Terms of Service of the Synctrack app. The purpose of this DPA is to ensure compliance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679).

This DPA is effective as of the date the Merchant begins using the Synctrack app.


1. Definitions

The following terms shall have the meanings set forth below:

1.1 Personal Data: Any information relating to an identified or identifiable natural person as defined in Article 4(1) of the GDPR.

1.2 Processing: Any operation or set of operations performed on Personal Data, as defined in Article 4(2) of the GDPR.

1.3 Data Controller: The Merchant, who determines the purposes and means of the processing of Personal Data.

1.4 Data Processor: Synctrack, who processes Personal Data on behalf of the Data Controller.

1.5 Sub-Processor: Any third party engaged by the Data Processor to process Personal Data.

1.6 Applicable Laws: All laws and regulations, including GDPR, applicable to the processing of Personal Data.


2. Subject Matter and Scope

2.1 This DPA governs the processing of Personal Data by the Data Processor on behalf of the Data Controller in connection with the use of Synctrack.

2.2 The processing activities involve syncing PayPal tracking information, managing order data, and related services as specified in the Synctrack app.

2.3 The types of Personal Data processed include:

  • Customer name, email address, shipping address.
  • Order details (e.g., order ID, product details).
  • Payment and tracking information.

2.4 The Data Processor will only process Personal Data in accordance with the Data Controller’s written instructions and this DPA.


3. Obligations of the Data Processor

The Data Processor agrees to:

3.1 Compliance with Instructions: Process Personal Data only as instructed by the Data Controller and in compliance with GDPR and other Applicable Laws.

3.2 Confidentiality: Ensure that persons authorized to process the Personal Data are bound by confidentiality obligations.

3.3 Security Measures: Implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, destruction, or alteration, including but not limited to:

  • Encryption of data in transit and at rest.
  • Access control and authentication mechanisms.
  • Regular security assessments and audits.

3.4 Data Breach Notification: Notify the Data Controller without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data Breach, providing sufficient information to enable the Data Controller to comply with its legal obligations.

3.5 Assistance: Assist the Data Controller in fulfilling their GDPR obligations, including:

  • Responding to data subject access requests.
  • Conducting data protection impact assessments (DPIAs).
  • Cooperating with supervisory authorities.

3.6 Sub-Processors:

  • Obtain prior authorization from the Data Controller to engage Sub-Processors.
  • Ensure all Sub-Processors comply with the same obligations as outlined in this DPA.
  • Provide a list of Sub-Processors upon request.

3.7 Deletion or Return of Data: Upon termination of the relationship, delete or return all Personal Data to the Data Controller, unless Applicable Laws require retention.


4. Obligations of the Data Controller

The Data Controller agrees to:

4.1 Ensure that the processing of Personal Data complies with GDPR and other Applicable Laws.

4.2 Obtain all necessary consents from data subjects to allow the Data Processor to process Personal Data as outlined in this DPA.

4.3 Provide clear and documented instructions to the Data Processor for the processing of Personal Data.

4.4 Notify the Data Processor promptly about:

  • Any errors or changes in the data provided.
  • Any data subject requests that require the Data Processor’s assistance.

5. Sub-Processors

5.1 The Data Processor is permitted to engage Sub-Processors for specific processing activities, including:

  • Cloud storage providers (e.g., AWS, Google Cloud).
  • Payment processing services (e.g., PayPal).

5.2 The Data Processor will maintain a list of Sub-Processors and share it with the Data Controller upon request.

5.3 The Data Processor will ensure that each Sub-Processor agrees to comply with obligations equivalent to those set forth in this DPA.


6. Data Transfers

6.1 Personal Data will only be transferred to countries outside the European Economic Area (EEA) if such transfers comply with GDPR.

6.2 The Data Processor will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.


7. Data Breach Notification

7.1 In the event of a Personal Data Breach, the Data Processor will provide the following details to the Data Controller:

  • Description of the breach and the affected data.
  • Likely consequences of the breach.
  • Measures taken to address and mitigate the breach.

7.2 The Data Processor will assist the Data Controller in fulfilling any notification obligations required by GDPR.


8. Termination

8.1 This DPA shall remain in effect as long as the Data Processor processes Personal Data on behalf of the Data Controller.

8.2 Upon termination, the Data Processor will delete or return all Personal Data unless Applicable Laws require otherwise.


9. Liability

9.1 Each party will be liable for any damages caused by its non-compliance with this DPA or GDPR.

9.2 The Data Processor is only liable for processing activities it performs under the instructions of the Data Controller.


10. Governing Law

This DPA shall be governed by and construed in accordance with the laws of [Your Country or EU Member State].


11. Contact Information

For all inquiries related to this DPA, please contact:

Synctrack Support

Email: [email protected]
Address: 8th floor, Hoa Cuong Building 18/11 Thai Ha, Dong Da Dist, Hanoi