Data Processing Addendum

This Data Processing Addendum (“Addendum”) amends the HulkApps Terms and Conditions and Privacy Policy (“Agreement”) by and between HulkApps, Inc, USA (“HulkApps”) and the customer entity that is the party to the Agreement (“Customer”). 


  1. DEFINITIONS

1.1. Agreement means HulkApps Terms and Conditions and Privacy Policy, or other written or electronic agreement, which govern the provision of the service to Customer.


1.2. Customer Data means any personal data that HulkApps processes on behalf of Customer.


1.3. Data Protection Laws means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of processing Personal Data in question under the Agreement, including without limitation, the CCPA and the data protection and privacy laws of Canada, Australia and Brazil.


1.4. European Data Protection Laws means all data protection laws and regulations applicable to Europe including General Data Protection Regulation (GDPR).


1.5. Europe means, for the purpose of this document, the European Economic Area (EEA) and its member states, Switzerland and the United Kingdom.


1.6. The terms “personal data”, “controller”, “data subject”, “processor” and “processing” shall have the meaning given to them under applicable Data Protection Laws. 


1.7. Sensitive Data means any information that falls within the definition of “special categories of data” under applicable Data Protection Laws, including social security number, genetic, biometric or health information, racial, ethnic, political or religious affiliation, criminal record. 


1.8. Sub-processor means any processor engaged by HulkApps or its affiliates to assist in fulfilling its obligations with respect to providing the service pursuant to the Agreement or this Addendum.


1.9. Security Incident means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure of or access to, Customer Data on systems managed or otherwise controlled by HulkApps.



  2. ROLES AND RESPONSIBILITIES

2.1. If European Data Protection Laws apply to either party’s processing of Customer Data, the parties acknowledge and agree that with regard to the processing of Customer Data, HulkApps is a processor acting on behalf of Customer (whether itself a controller or a processor). This addendum will not apply to instances where HulkApps is the controller.


2.2. HulkApps will process Customer Data as further described in Annex A of this Addendum. Customer will not provide any Sensitive Data to HulkApps for processing under this Addendum, and HulkApps will have no liability whatsoever for Sensitive Data in any case.


2.3. Customer will ensure that HulkApps’s processing of the Customer Data in accordance with Customer’s instructions will not cause HulkApps to violate any applicable law, regulation, or rule, including Data Protection Laws. Where Customer acts as a processor on behalf of a third-party controller, Customer warrants that its processing instructions, including its authorizations to HulkApps for the appointment of Sub-processors in accordance with this Addendum, have been authorized by the relevant controller. Customer shall serve as the sole point of contact for HulkApps and HulkApps will not interact directly with any third-party controller.


  3. SUB-PROCESSING

3.1. Customer agrees that HulkApps may engage Sub-processors to process Customer Data on Customer’s behalf. The Sub-processors currently engaged by HulkApps and authorized by Customer are HulkApps, Ltd, India; “Alen.ba” Ltd, Bosnia and Herzegovina; Shopify Inc, Canada and its affiliates; and SEAPIXEL Single Member LLC, Greece.


3.2. HulkApps will enter into a written agreement with each Sub-processor containing data protection obligations, to the extent practicable, no less protective than those in this Addendum or as may otherwise be required by applicable Data Protection Laws and regulations. HulkApps agrees to be responsible for the acts or omissions of each such Sub-processor to the same extent as HulkApps would be liable if performing the services of such Sub-processor under the terms of the Addendum.


3.3. HulkApps will inform Customer of any new Sub-processor engaged during the term of the Agreement by updating the Sub-processor list (stated in 3.1.). If Customer reasonably believes that the appointment of a new Sub-processor will have a material adverse effect on HulkApps' ability to comply with applicable Data Protection Laws and regulations, then Customer must notify HulkApps in writing, within 30 days following the update to the Sub-processor list.


3.4. Customer acknowledges and agrees that, where applicable, HulkApps may be prevented from disclosing Sub-processor agreements to Customer due to confidentiality restrictions but HulkApps shall, upon request, use reasonable efforts to provide Customer with all relevant information it reasonably can in connection with Sub-processor agreements.


  4. SECURITY

4.1. HulkApps shall implement and maintain appropriate technical and organizational security measures that are designed to protect Customer Data from Security Incidents and designed to preserve the security and confidentiality of Customer Data.


4.2. HulkApps shall ensure that any person who is authorized by HulkApps to process Customer Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).


4.3. HulkApps agrees to implement appropriate technical and organizational measures designed to protect Customer Data. Those measures include physical security, regular backups, etc.


4.4. Upon becoming aware of a Security Incident, HulkApps shall: a) notify Customer without undue delay, and where feasible, in any event no later than 48 hours from becoming aware of the Security Incident; b) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; c) promptly take reasonable steps to contain and investigate any Security Incident. HulkApps’ notification of or response to a Security Incident shall not be construed as an acknowledgment by HulkApps of any fault or liability with respect to the Security Incident.


4.5. Customer is responsible for its secure use of the Service, including, if applicable, securing its account authentication credentials, protecting the security of Customer Data when in transit to and from the Service, and taking any appropriate steps to securely encrypt or backup any Customer Data uploaded to the Service.


  5. SECURITY REPORTS

5.1. HulkApps shall make available to Customer all information reasonably necessary to demonstrate compliance with this Addendum.


  6. INTERNATIONAL TRANSFERS

6.1. Customer acknowledges that HulkApps may transfer and process Customer Data anywhere in the world where HulkApps, its affiliates or its Sub-processors maintain data processing operations. HulkApps shall at all times ensure that such transfers are made in compliance with the requirements of Data Protection Laws and this Addendum.


  7. DELETION OF DATA

7.1. Upon termination or expiration of the Agreement, HulkApps shall delete or return to Customer all Customer Data (including copies) in its possession or control, except that this requirement shall not apply to the extent HulkApps is required by applicable law to retain some or all of the Customer Data.


7.2. When Customer requests deletion of Customer Data that HulkApps collects to Shopify and Shopify notifies HulkApps via webhooks (the process is described on https://shopify.dev/apps/webhooks/configuration/mandatory-webhooks), HulkApps shall promptly confirm its receipt of the request and complete the action within 30 days of receipt (unless HulkApps is legally required to retain the data). We have implemented the following webhooks: Data Requests, Customer Data Redaction and Shop Data Redaction.


  8. DATA SUBJECT RIGHTS AND COOPERATION

8.1. HulkApps shall, considering the nature of the processing, provide reasonable assistance to Customer to the extent possible to enable Customer (or its third-party controller) to comply with its data protection obligations with respect to data subject rights under Data Protection Laws. In the event that any such request is made to HulkApps directly, HulkApps shall not respond to such communication directly except as appropriate (for example, to direct the data subject to contact Customer) or legally required, without Customer’s prior authorization. If HulkApps is required to respond to such a request, HulkApps shall, where the Customer is identified or identifiable from the request, promptly notify Customer and provide Customer with a copy of the request unless HulkApps is legally prohibited from doing so. 


8.2. To the extent required under applicable Data Protection Laws, HulkApps shall (considering the nature of the processing and the information available) provide all reasonably requested information regarding the Service to enable Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by Data Protection Laws. 


8.3. HulkApps does not voluntarily provide government agencies or authorities (including law enforcement) with access to or information about Customer Data. If HulkApps receives a compulsory request (whether through a subpoena, court order, search warrant, or other valid legal process) from any government agency or authority (including law enforcement) for access to or information about  Customer Data belonging to a Customer whose primary contact information indicates the Customer is located in Europe, HulkApps shall: a) review the legality of the request; b) inform the government agency that HulkApps is a processor of the data; c) attempt to redirect the agency to request the data directly from Customer; d) notify Customer via email sent to Customer’s primary contact email address of the request to allow Customer to seek a protective order or other appropriate remedy; and e) provide the minimum amount of information permissible when responding to the agency or authority based on a reasonable interpretation of the request. 


  9. GENERAL

9.1. Any claims made against HulkApps or its affiliates under or in connection with this Addendum shall be brought solely by the Customer entity that is a party to the Agreement.


9.2. This Addendum shall remain in effect for as long as HulkApps carries out Customer Data processing operations on behalf of Customer or until termination of the Agreement.


9.3. In the event of any conflict or inconsistency between this Addendum and the Agreement, the provisions of this Addendum will prevail.


ANNEX A


Categories of data subjects: The categories of data subjects whose personal data is processed include, but are not limited to, Customer’s end users.


Categories of personal data: Customer may upload, submit, or otherwise provide certain personal data to the Service, the extent of which is typically determined and controlled by Customer in its sole discretion, and may include the following types of personal data: name, address, phone number and e-mail.


Frequency of processing: Continuous and as determined by Customer.


Subject matter and nature of the processing: The subject matter of the data processing under this Addendum is the Customer Data. Customer Data will be processed in accordance with the Agreement (including this Addendum) and may be subject to the following processing activities:

  1. Storage and other processing necessary to provide, maintain and improve the service provided to Customer pursuant to the Agreement; and/or
  2. Disclosures in accordance with the Agreement and/or as compelled by applicable law.

Purpose of the processing: HulkApps shall only process Customer Data for the permitted purposes, which shall include: a) processing as necessary to provide the service in accordance with the Agreement; b) processing initiated by Customer in its use of the Service; and c) processing to comply with any other reasonable instructions provided by Customer (e.g., via email or support tickets) that are consistent with the terms of the Agreement.


Duration of processing and period for which personal data will be retained: As described in Section 7.



Effective, January 2022


