Data Protection Agreement

Effective Date: May 18th 2025

1. Introduction

This Data Protection Agreement (“DPA”) forms part of the Terms of Service between Shoptimizer and the user of the Shoptimizer services (the “Merchant”). This DPA ensures that both parties comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person, such as order information.

3. Roles and Responsibilities

The Merchant is the data controller and determines the purposes and means of processing personal data using Shoptimizer. Shoptimizer acts as a data processor, processing personal data on behalf of the Merchant in accordance with the Merchant’s instructions.

4. Processing of Personal Data

Shoptimizer will:

• Process personal data only on documented instructions from the Merchant.
• Ensure that personnel authorized to process personal data are committed to confidentiality.
• Implement appropriate technical and organizational measures to ensure data security.

5. Sub-Processors

Shoptimizer may engage sub-processors to process personal data. A list of approved sub-processors is available on request. The Merchant will be notified of any changes to the list, and the Merchant may object to such changes.

6. Data Subject Rights

Shoptimizer will assist the Merchant in fulfilling its obligations to respond to data subject requests, including access, rectification, erasure, and data portability requests.

7. Data Breach Notification

In the event of a personal data breach, Shoptimizer will notify the Merchant without undue delay and provide sufficient information to help the Merchant meet its reporting obligations.

8. Data Retention and Deletion

Upon termination of the service, Shoptimizer will delete or return all personal data processed on behalf of the Merchant unless otherwise required by law.

9. Audits

The Merchant has the right to audit Shoptimizer’s compliance with this DPA. Shoptimizer will provide necessary information to demonstrate compliance.

10. Governing Law

This DPA is governed by the laws of Spain.

11. Contact Information

If you have any questions related to this DPA, please contact us at [email protected].