Effective: 25 May 2018

Background

This Data Processing Agreement has been entered into between EGNITION Pty Ltd (“we”, “us”, “our”) as a data processor and you as the data controller.

This Data Processing Agreement forms an essential part of the Privacy Policy, entered into between you and us (“Privacy Policy Agreement”) and shall always be interpreted in accordance with the Privacy Policy of such agreement. The capitalized terms used in this Data Processing Agreement shall have the meanings set forth in the Privacy Policy.

Processing of personal data

To the extent any of the data processed in connection with your use of the Service or Software constitutes personal data under the applicable legislation, you hereby authorise us to process such data (and any other data, regardless of whether they constitute personal data or not) on your behalf for the purposes of providing the Service or Software in accordance with the Terms, Policies and applicable legislation.

You agree that this Data Processing Agreement together with the Privacy Policy constitute the instructions in accordance with which any such data is processed and that we will not be able to adhere to any further instructions provided by you in relation to any personal or other data.

For the sake of clarity, it is noted that in relation to the personal data processed under this agreement, we act as the data processor and you act as the data controller.

We confirm that we will process your personal data & any personal data that we can collect through our Software in a lawful manner which meets requirements of the applicable legislation relating to the processing of personal data, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and that we will otherwise comply with the applicable legislation in relation to the processing of personal data.

Responsibilities of the data controller

You agree that it is exclusively your responsibility to comply with any and all obligations of the data controller set out in applicable legislation, including the GDPR, and that the Service or Software is provided “as is” and “as available” in accordance with this Data Processing Agreement as well as the Privacy Policy Agreement. You confirm that you will comply with the applicable legislation in relation to the processing of personal data, including the GDPR.

Assistance to you as the data controller

We will assist you in providing any technical or organizational measures for the fulfillment of your obligations as the data controller in relation to possible requests for exercising the data subjects’ rights laid down in the applicable legislation. Taking into account the nature of the Service or Software, you further agree that we cannot commit to providing such assistance.

We will assist you in ensuring compliance with your obligations relating to the security of data processing, notifications of personal data breaches to the supervisory authorities and communications to data subjects and data protection impact assessments. We will notify you about any personal data breaches concerning your data as soon as possible and, where feasible, at the latest 48 hours after having become aware of such personal data breach.

Taking into account the nature of the data processing and the information available to us as the data processor, you agree that we may be unable to assist you in these matters.

Confidentiality and security

We confirm that our personnel involved in providing the Service or Software to you have committed to confidentiality obligations with regard to personal data (if any) processed in connection with the Service or Software. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons we confirm that we have taken such technical and organisational security measures which ensure a level of security appropriate to the risk.

Subprocessors

You agree that we may engage third parties including other data processors in connection with the Service or Software and that such third parties may be located, and your data may be processed, outside the European Economic Area (including e.g. in the United States) subject to applicable legislation. If we transfer any personal data outside the European Economic Area, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using appropriate European Union Standard Contractual Clauses.

If we engage another processor for carrying out processing activities on your behalf, at least the same data protection obligations as set out in this agreement, shall also apply to such sub-processor. If such sub-processor fails to fulfil its data protection obligations, we shall remain fully liable to you for the performance of the sub-processor’s obligations. We will inform you of any intended changes concerning the addition or replacement of sub-processors.

We may provide information regarding such third party data processors upon request, and always subject to our confidentiality obligations. If you do not approve our use of any third party processors, please stop using the Service or Software immediately.

Retention of your data

We have no obligation to store and we will not store any of your data after the termination of your account and/or subscription of the Service or Software unless otherwise agreed or required under applicable law. We will delete or return all personal data related to you after the end of the provision of services relating to processing.

Audit

You may have the right, in accordance with applicable legislation only, to receive information necessary to demonstrate compliance with the obligations laid down in this Data Processing Agreement and applicable legislation and, where and to the extent mandated under applicable legislation to do so, we may allow for, and contribute to, audits, including inspections, conducted by you in relation to personal data in relation to our Service provided to you only. The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided at exclusively your cost and expense, and we reserve the right to charge you for any additional work or other costs incurred by us in connection with you using such rights.

Discrepancies

This Data Processing Agreement forms a part of the Privacy Policy Agreement. In the event of any discrepancies relating to the processing of personal data between this Data Processing Agreement and the Privacy Policy Agreement, the provisions of this Data Processing Agreement shall prevail.

Please contact support@egnition.io if you need/would like a signed copy of this Data Processing Agreement.

Our Shopify Apps

Pin It on Pinterest