This DPA shall apply whenever WebShopAssist processes Personal Data on behalf of Client, in connection with the provision of the Services.
(b) "Data Protection Laws" means, Regulation (EU) 2016/679 ("GDPR") together with applicable legislation implementing or supplementing the same or otherwise relating to the processing of Personal Data of natural persons, together with binding guidance and codes of practice issued from time to time by relevant supervisory authorities;
3.1 WebShopAssist shall comply with all applicable Data Protection Laws in the Processing of Client Personal Data and WebShopAssist shall:
3.1.3 implement and maintain reasonable technical and organizational measures, having regard to the assessment of the appropriate level of security for Client Personal Data and the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access or damage to such Data.
3.1.4 promptly notify Client of any communication from a Data Subject regarding the Processing of Client Personal Data, or any other communication (including from a supervisory authority) relating to any obligation under the Data Protection Laws in respect of the Client Personal Data and, on Client's request and at Client's costs, taking into account the nature of the Processing, assist Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Client’s obligation to respond to requests for exercising the data subject's rights laid down in Chapter III GDPR;
3.1.5 notify Client without undue delay of any Personal Data Breach involving Client Personal Data, upon WebShopAssist’s becoming aware of a Personal Data Breach involving Client Personal Data, such notice to include all information reasonably required by Client to comply with its obligations under the Data Protection Laws;
3.1.6 reasonably assist Client with their obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the Processing and information available to WebShopAssist, at the sole cost of the Client;
The list of authorized Sub-Processors is included in Annex 2 of this DPA.
Annex 1: Description of Processing of Client Personal Data
The provision of the Services by way of the following Shopify Apps:
1. FGO integration
2. DPD integration
3. Fan Shipping
The Personal Data shall be stored for a period of maximum 90 days as of the date of the collection.
The categories of Data Subject to whom the Client Personal Data relates
The customers – natural
persons – of WebShopAssist's Clients who use the
Shopify Apps listed above.
Name, address, e-mail address, telephone number, information related to the purchase order.
The obligations and rights of Client
The obligations and rights of Client are set out in the Data Protection DPA.
Annex 2: Authorised Sub-processors