Data Processing Addendum

This GDPR Data Processing Addendum ("DPA") forms part of the Privacy Policy available at https://www.ectbike.com/ (the “Website”) pursuant to which User has accessed Website's Service as defined in the applicable Agreement. The purpose of this DPA is to reflect the parties' agreement with regard to the processing of Personal Data.

This DPA shall not replace or supersede any agreement or addendum relating to processing of Personal Data negotiated by User and referenced in the Agreement, and any such individually negotiated agreement or addendum shall apply instead of this DPA.

In the course of providing the Service to User pursuant to the Agreement, Website may process Personal Data on behalf of User. Website agrees to comply with the following provisions with respect to any Personal Data submitted by or for User to the Service or collected and processed by or for User through the Service. Any capitalized but undefined terms herein shall have the meaning set forth in the Agreement.

Data Processing Terms The User agrees that Website is the Data Controller and that Google is its Data Processor in relation to Personal Data that is processed in the course of providing the Service. User is the Data-Subject. Website shall comply at all times with Data Protection Legislation in respect of all Personal Data it provided to Google pursuant to the Agreement.

The subject-matter of the data processing covered by this DPA is the Service ordered by User through Website. The processing will be carried out until the term of User's ordering of the Service ceases. Further details of the data processing are set out in Annex 1 hereto.

In respect of Personal Data processed in the course of providing the Service, Website:

  1.  Shall process the Personal Data only in accordance with the documented instructions from User (as set out in this DPA or the Agreement or as otherwise notified by User to Website (from time to time) If Website is required to process the Personal Data for any other purpose provided by applicable law to which it is subject, Website will inform User of such requirement prior to the processing unless that law prohibits this on important grounds of public interest;
  2. Shall implement and maintain appropriate technical and organizational measures designed to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of the Personal Data and having regard to the nature of the Personal Data which is to be protected;
  3. Website remains responsible for its subcontractors' compliance with the obligations of this DPA. Any subcontractors to whom Website transfers Personal Data will have entered into written agreements with Website requiring that the subcontractor abide by terms substantially similar to this DPA.
  4. Shall ensure that all Website personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations sets out in this Clause;
  5. At the User's request and cost (and insofar as is possible), shall assist the User by implementing appropriate and reasonable technical and organizational measures to assist with the User's obligation to respond to requests from Data Subjects under Data Protection Legislation (including requests for information relating to the processing, and requests relating to access, rectification, erasure or portability of the Personal Data) provided that Website reserves the right to reimbursement from User for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance;
  6. At the end of the applicable term of the Service, upon User's request, shall securely destroy or return such Personal Data to User;
  7. If Website becomes aware of any accidental, unauthorized or unlawful destruction, loss, alteration, or disclosure of, or access to the Personal Data that is processed by Website in the course of providing the Service (an "Incident") under the Agreement it shall without undue delay notify User and provide User (as soon as possible) with a description of the Incident as well as periodic updates to information about the Incident, including its impact on User Content. Website shall additionally take action to investigate the Incident and reasonably prevent or mitigate the effects of the Incident;
  8. Website shall provide information requested by User to demonstrate compliance with the obligations set out in this DPA.

ANNEX 1

Details of the Data Processing

Website shall process information to provide the Service pursuant to the Agreement. As an example, in a standard implementation, to utilize the Service, User may allow the following information to be sent by default to Website:

Types of Personal Data that may be collected and stored in Website’s system:

  •  Email addresses
  •  Name
  •  Phone Number
  •  Physical Address
  •  Location Data
  •  Personal Actions
  •  Payment details (Credit Card, Debit Card etc.)
  •  Billing Address

 

 

  • Time Period for which the Data may be stored:
 Data will be stored in the system for a period of 3 months after the User has made a purchase on our Website or User requests us to delete it or the company is out of business earlier.
  • Categories of Data Subjects Users of the Website;
Mailing list Subscribers; Users who filled “Contact Us” or “Request a live demo” Form
  •  Processing Activities
The provision of Service by Website to User