Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is entered into between Deluxe Customer Accounts® (“Processor”) and the merchant (“Controller”) installing the Deluxe Customer Accounts App (the “App”), and governs the processing of personal data related to the services provided by the App.

1. Definitions

- **Controller**: The entity that determines the purposes and means of the processing of Personal Data (in this case, the merchant using the App).
- **Processor**: The entity that processes Personal Data on behalf of the Controller (Deluxe Customer Accounts).
- **Personal Data**: Any information relating to an identified or identifiable natural person.
- **Processing**: Any operation or set of operations which is performed on Personal Data, such as collection, storage, retrieval, or use.

2. Purpose of Processing

The Processor will process Personal Data only for the purpose of providing the App's services, including but not limited to customer account management, loyalty program functionalities, wishlist services, and other app-related features.

3. Data Collection

Types of Data Collected

• Store details (name, address, contact information)
• Order and transaction data (order history, fulfillment information)
• Customer information (email, names, loyalty points)
• Product details (SKUs, prices, descriptions)
• Usage data from customers (IP addresses, device types, browsing data)

4. Data Use and Purpose

The collected data will be used for:

• Managing user accounts
• Providing the loyalty and wishlist programs
• Providing customer support
• Improving app performance and features
• Complying with legal and regulatory obligations

5. Data Retention and Deletion

Personal Data will be retained as long as necessary to provide the services or comply with legal requirements. Upon uninstallation of the app, data will be deleted or anonymized, if possible, unless retention is required for legal purposes.

6. Data Subject Rights

As a Controller, you have the following rights regarding the Personal Data processed under this DPA:

• The right to access, correct, or delete the Personal Data
• The right to restrict or object to processing
• The right to data portability
• The right to request the transfer of data to another provider

7. Data Security

The Processor takes reasonable technical and organizational measures to protect Personal Data against unauthorized access, alteration, or destruction. Data will be stored securely and encrypted when necessary.

8. Data Transfers

Personal Data may be transferred and stored in countries outside the European Economic Area (EEA) as required for the provision of the App’s services. All transfers will comply with applicable data protection laws.

9. Subprocessors

The Processor may engage subprocessors to process Personal Data. A list of subprocessors will be provided to the Controller, and any new subprocessors will be notified before engaging them.

10. Termination

This DPA will remain in effect as long as the Controller uses the App. Upon termination of the App's services, Personal Data will be deleted or returned as per the Controller's request, except where retention is required by law.

11. Governing Law and Dispute Resolution

This DPA is governed by the laws of the jurisdiction in which the Processor is established (Italy). Any disputes will be resolved in the courts of the Processor’s location, unless otherwise agreed.

12. Contact Information

For any questions or concerns about this DPA or data privacy, please contact us at:
Deluxe Customer Accounts
[email protected]

13. Changes to This DPA

This DPA may be updated from time to time to reflect changes in processing practices or legal requirements. The most current version will always be available here.

Effective Date: 2024-10-18