This Data Processing Agreement (“DPA”) is part of and linked to the Shipturtle [Terms of Service / Master Services Agreement / Order Form] (the “Terms”). It automatically applies to all Customers using the Services where Shipturtle handles Personal Data for the Customer. If there’s a conflict between this DPA and the Terms, this DPA takes precedence regarding the Processing of Personal Data.
Este DPA establece las obligaciones de las Partes respecto al procesamiento de Datos Personales de Shipturtle en nombre del Cliente, en relación con el uso de los Servicios por parte del Cliente. A menos que se indique lo contrario, el Cliente actúa como Controlador y Shipturtle como Procesador de los Datos Personales procesados bajo este DPA.
Applicable Data Protection Laws: All laws related to data protection and privacy that apply to Personal Data Processing under the Terms (including GDPR, UK GDPR, Swiss FADP, and relevant U.S. state privacy laws).
Customer: Any person or entity that uses or benefits from the Services and agrees to the Terms.
Personal Data: Any information about an identified or identifiable individual, or as defined by Applicable Data Protection Laws.
Processing: Any action taken on Personal Data (e.g., collecting, storing, using, sharing, deleting).
Sub-Processor: Any third party that Shipturtle uses to Process Personal Data for the Services.
Servicios: Los productos y/o servicios proporcionados por Shipturtle según los Términos.
Personal Data Breach: A security breach that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data.
Tema y Duración. Shipturtle procesa datos personales únicamente para proporcionar, asegurar y apoyar los Servicios, durante la vigencia de los Términos.
Instructions. Shipturtle will process personal data only according to the customer’s documented instructions as outlined in the Terms and this DPA, unless required by law.
Responsibility of the Customer. The customer is accountable for the accuracy, quality, and legality of Personal Data and must provide necessary notices and obtain required permissions.
Uso del Procesador. Shipturtle puede procesar Datos Personales para ofrecer, mantener y mejorar los Servicios; garantizar la seguridad; prevenir abusos; y cumplir con la ley.
Shipturtle will implement and maintain the right technical and organizational measures (“TOMs”) to safeguard Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include least-privilege access, encryption during transfer and at rest, monitoring, vulnerability management, and incident response.
Customer allows Shipturtle to use Sub-Processors. Shipturtle will keep an updated list of Sub-Processors and notify of any changes. If Customer disagrees, the only solution is to terminate the Services. Shipturtle is still responsible for its Sub-Processors.
Shipturtle will help the Customer with Data Subject Requests and regulatory obligations if the Customer can't handle them directly through the Services. Shipturtle may charge the Customer for any related material costs.
Shipturtle will notify you promptly after discovering a Personal Data Breach, and always within a timeframe that lets you fulfill your legal obligations. We will take action to contain, investigate, and resolve the issue.
If Personal Data is transferred outside the EEA/UK/Switzerland to a non-adequate country, the EU Standard Contractual Clauses (2021/914) will apply. The Customer agrees to the SCCs “as is.” Appendix B (TOMs) fills in the Annexes. In case of conflict, the SCCs take priority.
Upon termination or at Customer's request, Shipturtle will delete or anonymize Personal Data within a reasonable period, not exceeding 90 days, unless required by law. Backup media will be cleared on their regular schedule.
La responsabilidad bajo este DPA se rige por los Términos, salvo modificación expresa aquí. Cada Parte sigue siendo responsable de su propia cumplimiento con las Leyes de Protección de Datos Aplicables. No obstante cualquier disposición en contrario, la responsabilidad total de Shipturtle bajo este DPA (incluidos los Sub-Procesadores) no superará las tarifas totales efectivamente pagadas (excluyendo reembolsos/créditos) por el Cliente a Shipturtle en los doce (12) meses anteriores al evento. Shipturtle no será responsable por daños indirectos, incidentales, especiales o consecuentes. Esta limitación prevalece sobre cualquier disposición inconsistente en los Términos.
Order of Precedence. This DPA governs data processing; SCCs apply in case of conflicts.
Modifications. Shipturtle may update this DPA to align with legal or industry changes by posting a new version. Significant changes will be communicated as necessary. The only option for the Customer to object is to stop the Services.
Severability. If any part is invalid, the rest remains valid.
Data Subjects: End users, account holders, recipients, vendor/partner contacts.
Categorías: Datos de contacto, datos de pedidos/transacciones, datos de cuenta/uso, comunicaciones de soporte.
Special Categories: Not allowed. If submitted, Customer is responsible for legality.
Purpose: Provide and support Services, sync, prevent fraud, ensure security, perform analytics, and comply with legal requirements.
Retention: According to Section IX.
Shipturtle implements essential TOMs, such as: role-based access, multi-factor authentication, encryption, network security, vulnerability management, secure development, penetration testing, logging/monitoring, incident response, backups with integrity checks, staff training, vendor risk management, and data minimization.
Where U.S. state privacy laws apply, Shipturtle serves as Service Provider/Processor and will not sell or share Personal Data, while also assisting with consumer requests as needed.
Para actividades limitadas necesarias para operar el negocio de Shipturtle (por ejemplo, telemetría, registros de seguridad, prevención de fraudes, cumplimiento, análisis), Shipturtle actúa como Controlador Independiente. Para dicho procesamiento, aplica la Política de Privacidad de Shipturtle.