Website: https://prodiusenterprise.com
Contact: cristian@prodiusenterprise.com
This Data Processing Addendum (the "DPA") applies when Prodius Enterprise ("Prodius," "we," "us," or "our") processes personal data on behalf of a client as a processor, service provider, or equivalent role while providing ecommerce app implementation, maintenance, support, analytics setup, push notification setup, or related services.
If you have a signed agreement with Prodius that includes different data processing terms, that agreement controls for any conflict.
1. Roles
The client is the controller or business responsible for determining the purposes and means of processing personal data. Prodius is the processor or service provider for personal data processed on the client's behalf.
For information collected directly through the Prodius website, preview form, and scheduling flow, Prodius may act as an independent controller as described in the Privacy Policy.
2. Processing Instructions
Prodius will process client personal data only to provide the Services, follow documented client instructions, comply with applicable law, protect security, and perform obligations under the applicable agreement.
3. Processing Details
Processing may include accessing, configuring, transmitting, storing, analyzing, troubleshooting, and supporting ecommerce app data.
Categories of personal data may include customer account data, contact information, order-related data, shipping or billing details, app usage events, device or technical identifiers, support communications, and other data made available by the client.
Data subjects may include ecommerce customers, app users, client employees, contractors, and support contacts.
4. Confidentiality and Security
Prodius will ensure that personnel authorized to process client personal data are subject to appropriate confidentiality obligations. Prodius will maintain reasonable technical and organizational measures designed to protect client personal data against unauthorized access, loss, misuse, alteration, and disclosure.
5. Subprocessors
The client authorizes Prodius to use subprocessors to provide the Services, including hosting providers, app infrastructure providers, ecommerce platforms, analytics providers, notification providers, email providers, scheduling tools, payment providers, and professional advisers.
Prodius remains responsible for subprocessors as required by applicable data protection law and will use subprocessors under terms that protect client personal data in a manner materially consistent with this DPA.
6. Assistance
Taking into account the nature of the processing and information available to Prodius, we will provide reasonable assistance for data subject requests, security obligations, impact assessments, and regulator inquiries related to the Services.
7. Security Incidents
Prodius will notify the client without undue delay after becoming aware of a confirmed security incident involving client personal data. The notice will include information reasonably available to Prodius and will be updated as more information becomes available.
8. Deletion and Return
At the end of the Services, upon written request and subject to legal, security, and legitimate business retention needs, Prodius will delete or return client personal data in its possession or control.
9. Audits
Prodius will make reasonable information available to demonstrate compliance with this DPA. Any audit must be conducted with reasonable notice, during normal business hours, in a way that does not disrupt operations or compromise security, confidentiality, or other clients' information.
10. International Transfers
Where international transfer rules apply, the parties will use appropriate transfer safeguards, such as standard contractual clauses or other lawful mechanisms.
11. Contact
DPA questions may be sent to cristian@prodiusenterprise.com.