Data Protection Agreement
Effective Date: May 18th 2025
1. Introduction
This Data Protection Agreement (“DPA”) forms part of the Terms of Service between Shoptimizer and the user of the Shoptimizer services (the “Merchant”). This DPA ensures that both parties comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. Definitions
Personal Data: Any information relating to an identified or identifiable natural person, such as order information.
3. Roles and Responsibilities
The Merchant is the data controller and determines the purposes and means of processing personal data using Shoptimizer. Shoptimizer acts as a data processor, processing personal data on behalf of the Merchant in accordance with the Merchant’s instructions.
4. Processing of Personal Data
Shoptimizer will:
- Process personal data only on documented instructions from the Merchant.
- Ensure that personnel authorized to process personal data are committed to confidentiality.
- Implement appropriate technical and organizational measures to ensure data security.
5. Sub-Processors
Shoptimizer may engage sub-processors to process personal data. A list of approved sub-processors is available on request. The Merchant will be notified of any changes to the list, and the Merchant may object to such changes.
6. Data Subject Rights
Shoptimizer will assist the Merchant in fulfilling its obligations to respond to data subject requests, including access, rectification, erasure, and data portability requests.
7. Data Breach Notification
In the event of a personal data breach, Shoptimizer will notify the Merchant without undue delay and provide sufficient information to help the Merchant meet its reporting obligations.
8. Data Retention and Deletion
Upon termination of the service, Shoptimizer will delete or return all personal data processed on behalf of the Merchant unless otherwise required by law.
9. Audits
The Merchant has the right to audit Shoptimizer’s compliance with this DPA. Shoptimizer will provide necessary information to demonstrate compliance.
10. Governing Law
This DPA is governed by the laws of Spain.
11. Contact Information
If you have any questions related to this DPA, please contact us at [email protected].