By participating in the Vitals Referral Program, you agree to be bound by these terms and conditions (the "Referral Agreement" or, for its purpose, the "Agreement"), which becomes a part of the Vitals Merchant Agreement. The Agreement is between you, the Partner (as defined below), and APPSOLVE SRL, a company headquartered in Bogdan Voda 14, Bucharest 010936, Romania (firstname.lastname@example.org), registered with Bucharest Trade Registry under no. J40/16347/2017, having sole identification code RO38260784, herein called “Appsolve” or “Vitals”. Each of the Partner and Appsolve is a "Party", and together they are the "Parties".
This Agreement governs your activities as a Partner, including participation in the activities described on the Vitals Referral Program dashboard available here (you need to be logged into Shopify and Vitals to access this link). Be sure to occasionally check back for updates.
Referral Partners may refer Customers through a Referral Link. The Referral Partner and Customer may qualify to earn Referral Credits if (the “Qualifying Conditions”):
If the Qualifying Conditions are met, both the Referral Partner and the Customer will receive a Referral Credit of $15 (the “Referral Credit”).
Referral Credits will be applied to the Referral Partner’s and Customer’s Vitals subscription fees. The Referral Credit is non-transferrable, non-refundable, and cannot be exchanged for any other form of credit.
Referral Credits will be automatically applied towards future Vitals subscription fees. Referral Credits will be applied before any other discounts, promotions, or additional credits. Referral Credits can only be redeemed through the Vitals platform.
Vitals will provide Referral Partners with access to the Vitals Referral Program dashboard, which allows Referral Partners to monitor the status of their referred Customers and the amount of Referral Credits they have earned. The Referral Partner acknowledges and agrees that Vitals’s tracking and determination of the referred Customers and Referral Credits is final and binding.
Vitals reserves the right to change, modify, or amend any part of the Referral Program, including these Referral Program Terms, at any time and in its sole discretion. Any changes or modifications will be effective immediately upon posting the revisions to the Referral Program, and the Referral Partner waives any right they may have to receive specific notice of such changes or modifications. The Referral Partner’s continued participation in the Referral Program will confirm their acceptance of such changes or modifications; therefore, the Referral Partner should review the Referral Program Terms and applicable policies frequently to understand the terms and conditions that apply. If the Referral Partner does not agree to the amended Referral Program Terms, they must stop participating in the Referral Program.
Vitals reserves the right to suspend or terminate the Referral Program or any Referral Partner’s ability to participate in the Referral Program at any time for any reason. We reserve the right to suspend accounts or remove Referral Credits if we notice any activity that we believe is abusive or fraudulent. We reserve the right to review and investigate all referral activities and to suspend accounts or modify referrals as deemed fair and appropriate.
We can update these terms at any time without prior notice. If we modify these terms, we will post the modification on the vitals.co website, which are effective upon posting. Continued participation in the Referral Program after any modification shall constitute consent to such modification.
If you have any questions about these Terms, please email us at email@example.com
After signing up with Shopify as a Shopify User-merchant, if you create an account with APPSOLVE to use some of our Services and/or by using any Vitals Services (as defined below), you are agreeing to be bound by this Merchant Agreement consisting of this General Terms and the following terms and conditions applicable to the legal relationship between Appsolve and Shopify Merchants:
As made available by Appsolve on its site vitals.co and updated from time to time, forming part of the Merchant Agreement and incorporated herein by reference.
As used in the Merchant Agreement, “we”, “us”, “our”, “Appsolve” and “Vitals” means APPSOLVE SRL, a company headquartered in Bogdan Voda 14, Bucharest 010936, Romania (firstname.lastname@example.org), registered with Bucharest Trade Registry under no. J40/16347/2017, having sole identification code RO38260784, and “you” or “Merchant” means the Merchant under the Shopify Terms of Service, namely the Shopify User (if registering for or using a Shopify Service as an individual), or the business employing the Shopify User (if registering for or using a Shopify Service as a business) and any of its affiliates.
You must read, agree with and accept all the terms and conditions contained or expressly referenced in this Merchant Agreement, before you use any Vitals Service.
This Agreement takes effect (the “Effective Date“) when you create an account and/or CLICK ON THE “INSTALL” BUTTON in order to use any of the Vitals Services. APPSOLVE and Merchant are sometimes referred to individually as a “Party” and collectively as the “Parties.”
BY CLICKING ON THE “INSTALL” BUTTON WHEN YOU CREATE A MERCHANT ACCOUNT, AND/OR USING THE VITALS SERVICES, YOU REPRESENT THAT (1) YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THE TERMS OF THIS MERCHANT AGREEMENT, AND (2) YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THE ENTITY YOU REPRESENT AND THAT IS USING VITALS SERVICES, AND TO BIND THAT ENTITY TO THIS AGREEMENT. IF YOU DO NOT ACCEPT OR UNDERSTAND THIS AGREEMENT, YOU MAY NOT REGISTER FOR OR USE VITALS SERVICES.
In order to use the Services, You need to have created an account with Shopify and an online store. You must duly represent a legal entity or act within the scope of a legally organized economic activity and be 18 years or older to use our Services.
The products and services under this Merchant Agreement (Services) may cover any of the products and/or services made available by Vitals on Shopify, for example:
Without affecting the provisions regarding Warranties and Limitation of Liability from the Terms of Service, Parties agree and understand that: i) Merchants cannot hold Shopify responsible for the Application and the responsibility related to the Application and its use is governed by the Terms of Service, ii) Shopify is not liable for any fault in the Application or any harm that may result from its installation and use, iii) except where expressly stated by Shopify, Shopify cannot provide assistance with the installation and use of the Application and iv) Appsolve’s responsibility for any liability which may arise from a Merchant’s access to or use of the Application including a) the development, use, marketing or distribution of or access to the Application or b) Appsolve’s access, use, distribution or storage of Merchant Data, shall be claimed according to and within the limits provided by the Terms of Service.
Vitals may suspend the Service or terminate the Agreement without notice, without court intervention or any other additional diligence, in the case of non-payment.
Remedies in the event of non-payment by Merchant for Vitals Services also include the withholding of the transfer of ownership of the Development Store or Merchant Store to the Merchant will be enforced by Shopify at its sole discretion
Details regarding billing and charges associated with the Merchant’s use of the Services may be found at:
No agency, partnership, joint venture, or employment is created as a result of this Agreement and Merchant does not have any authority of any kind to bind Appsolve in any respect whatsoever.
All notices under this Agreement will be in writing, usually by the Merchant Portal or by email to the email addresses mentioned in the Merchant Account and the Merchant Agreement.
All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.
If you have any questions about the Merchant Agreement, please email us at email@example.com.
Updated on January 23, 2023
This contract sets out your rights and responsibilities when you use any services (including, in particular, our software applications) provided by APPSOLVE (we’ll refer to all of these collectively as our “Services”), so please read it carefully. If you need any clarifications regarding the Terms, please contact us by email to the following address: firstname.lastname@example.org. Within the limits provided by law, APPSOLVE reserves the right to select merchants. In this respect, APPSOLVE may refuse to provide the Services to anyone, at any time, for any permitted reason.
Any use of our Services (even just browsing one of our websites), is subject to the Terms irrespective if you are a Premium User of Shopify or not. If you don’t agree with the Terms, you may not use our Services.
You’ll need to create an account with APPSOLVE to use some of our Services. Here are a few rules about accounts:
A. You must duly represent a legal entity or act within the scope of a legally organized economic activity and be 18 years or older to use our Services. You are responsible for any and all account activity conducted by a minor on your account. You are solely and fully responsible for the payment of any tax due, under the applicable law, for any income derived as a result of the use of our Services.
B. Be honest with us. Provide accurate information about yourself and/or the entity you represent. By accepting the Terms, you guarantee that you are not registered on behalf of another person or on behalf of an entity you do not represent. It’s prohibited to use false information or impersonate another person or entity through your account.
C. You're responsible for your account. You’re solely responsible for the information you provide to create your account and for any activity on your account. If you’re sharing an account with other people, then the person whose financial information is on the account will ultimately be responsible for all activity. Also, your accounts are not transferable.
D. Protect your password. As we mentioned above, you’re solely responsible for any activity on your account, so it’s important to keep your account password secure. Here’s a Help article on how to make your account more secure. APPSOLVE will not be liable for any loss that you may incur because of someone else using your username and password, or account, either with or without your consent.
E. Let's be clear about our relationship. These Terms don't create any agency, partnership, joint venture, employment, or franchisee relationship between you and APPSOLVE. The Terms represent the agreement concluded by the parties. and it governs the contractual relationship between us.
Store Content that you post using our Services is your content (so let’s refer to it as “Your Content”). We don’t make any claim to it, which includes anything you post using our Services (like shop names, profile pictures, listing photos, listing descriptions, reviews, comments, videos, usernames, etc.).
A. Responsibility for Your Content. You understand and agree that you are solely responsible for Your Content. You represent that you have all necessary rights to Your Content and that you’re not infringing or violating any third party’s rights by posting it.
B. Permission to Use Your Content. By posting Your Content through our Services, you grant APPSOLVE a license to use it in order to offer you the services you requested. We don’t claim any ownership to Your Content, but we have your permission to use it in order to improve functionalities of the Services. That way, we won’t infringe any rights you have in Your Content, and we can help promote your stuff.
C. In other words. By posting Your Content, you grant APPSOLVE a non-exclusive, worldwide, royalty-free, irrevocable, sub-licensable, perpetual license to use, display, edit, modify, reproduce, distribute, store, and prepare derivative works of Your Content. You agree not to assert any moral rights or rights of publicity against us for using Your Content. You also recognize our legitimate interest in using it, in accordance with the scope of this license, to the extent Your Content contains any personal information.
E. Inappropriate, False, or Misleading Content. This should be common sense, but there are certain types of content we don’t want posted on APPSOLVE Services (for legal reasons or otherwise). You agree that you will not post any content that is abusive, threatening, defamatory, obscene, vulgar, or otherwise offensive or in violation of our Terms or the applicable law. You also agree not to post any content that is false and misleading or uses the Services in a manner that is fraudulent or deceptive. If you breach this article, we may delete Your Content without any indemnification or prior notice.
Appsolve reserves the right but does not assume the obligation to strictly enforce these Terms, including without limitation by issuing warnings, suspension, or termination of access to the website and/or Services, and/or by removing, screening, or editing of Content, or by engaging in self-help and active investigation, litigation and prosecution in any court or other appropriate venue.
Appsolve may access, use, and disclose transaction information and any Content provided by you to comply with the law (e.g., a lawful request) or based on our reasonable judgment that disclosure is necessary, or to enforce or apply our agreements (including these Terms), to initiate, render, bill, and collect for Services, to protect our rights or property, or to protect users of our Services, the website and other persons or entities from fraudulent, abusive, or unlawful use of the website or any such Services. INDIRECT, ATTEMPTED OR ACTUAL VIOLATIONS OF THESE TERMS OR ANY RELATED POLICY BY YOU OR ANY THIRD-PARTY ON YOUR BEHALF SHALL BE CONSIDERED VIOLATIONS OF THESE TERMS BY YOU.
License to Use Our Services. We grant you a limited, non-exclusive, non-transferable, and revocable license to use our Services. We reserve the right to update and/or upgrade the Services from time to time without any prior notice. The right of use is subject to the Terms and the following restrictions in particular:
A. Don’t Use Our Services to Break the Law. You agree that you will not violate any laws in connection with your use of the Services. This includes any local, state, federal, and international laws that may apply to you. For example, it’s your responsibility to obtain any permits or licenses that your shop requires. You may not sell anything that violates any laws, and you may not engage in fraud (including false claims or infringement notices), theft, anti-competitive conduct, threatening conduct, or any other unlawful acts or crimes against APPSOLVE, another APPSOLVE user, or a third party.
B. Pay Your Bills. You are responsible for paying all fees that you owe to APPSOLVE in the specified terms. Except as set forth below, you are also solely responsible for collecting and/or paying any applicable taxes for any purchases or sales you make through our Services. The fees you pay are non-refundable. For avoidance of doubt, as long as you have the licence to use the Services, you undertake to pay all applicable fees whether you implement the Services on your Shopify website or not.
Nonetheless, if our Services do not reach your expectations, you can request a refund of the applicable fees within a maximum of 30 (thirty) days after the termination of the trial version period (announced when you purchased the license to use our Services).
C. Don’t Steal Our Stuff. You agree not to crawl, scrape, or spider any page of the Services or to reverse engineer or attempt to obtain the source code of the Services. If you want to use our API, please contact us by sending an email to email@example.com
D. Don’t Try to Harm Our Systems. You agree not to interfere with or try to disrupt our Services, for example by distributing a virus or other harmful computer code. You agree not to access the Services or monitor any material or information from the Services using any robot, spider, scraper, or other automated means.
E. Follow Our Trademark Policy. The name "Vitals" and the other APPSOLVE marks, phrases, logos, and designs that we use in connection with our Services, are trademarks, service marks of APPSOLVE in the EU and other countries. You agree to refrain from using our names, logos and designs (whether registered or not) in any way, other than as a natural and inherent part of the use of our Services.
F. Your right to use our Services. You may use the Services solely for your business operations and subject to our Terms. You are responsible for compliance by any user of the Services with the limitations set out above. Any moral and patrimonial rights over or in relation to the Services shall dully belong to us. The license to use the Services does not entail transfer of copyright over or in relation to our applications. For the avoidance of doubt, all copyrights over or in relation to conception material, source code, object code of our applications, as well as all materials, manuals, or procedure for the use of the Services and related to the Services shall dully belong to APPSOLVE. Furthermore, we may, without any restrictions, grant to any third parties the right to use our Services, as well as any other rights, under terms exclusively established by APPSOLVE.
Under the Terms, you may not transfer or sublicense the Services to another person or entity. You should not rent, lease, loan, auction, or resell the Services nor modify, translate, or create derivative works, reverse engineer, de-compile, or disassemble the Services, in whole or in part, or otherwise attempt to reconstruct or discover the source or object code or underlying ideas, algorithms, file formats, programming or interoperability interfaces. You shall not use the Services to provide similar services to third parties or allow use or access to the Services by any third party other than user acting on your behalf. You may not permit third parties to benefit in any way from the use or functionality of the Services. You may not modify, block, circumvent or otherwise interfere with any authentication, license key or security measures in the Services.
Violating the security of our website or applications is prohibited and may result in criminal and civil liability. Appsolve may investigate incidents involving such violations and may involve and will cooperate with law enforcement if a criminal violation is suspected. Examples of security violations include, without limitation, unauthorized access to or use of data or systems including any attempt to probe, scan, or test the vulnerability of the Website or to breach security or authentication measures, unauthorized monitoring of data or traffic, interference with service to any user, host, or network including, without limitation, mail bombing, news bombing, other flooding techniques, deliberate attempts to overload a system, forging any TCP-IP packet header, e-mail header, or any part of a message header, except for the authorized use of aliases or anonymous remailers, and using manual or electronic means to avoid any use limitations.
Termination By You. We'd hate to see you go, but you may terminate your account with APPSOLVE together with your access to our Services at any time by deleting the application from your Shopify list of apps. The termination will affect Your Content that you posted through the Services prior to termination, as APPSOLVE manages that content and APPSOLVE is no longer functioning. Your settings of our applications will be stored for no more than 1 (one) month after deleting them.
Termination By APPSOLVE. We may terminate or suspend your account (and any related accounts) and your access to the Services at any time, without having to justify our decision. If we do so, it’s important to understand that you don’t have a contractual or legal right to continue to use our Services. In this case, we will reimburse the fees corresponding to remaining period of time between termination and the already paid period.
If you or APPSOLVE terminate your account, you may lose any information associated with your account, including Your Content and your settings of our applications.
We will not be liable to you for the effect that any termination of the Services may have on you, including your income or your ability to generate revenue through the Services. We May Discontinue or Suspend the Services. APPSOLVE reserves the right to suspend or discontinue any of the Services at any time without prior notice, if you breach any of the provisions of the Terms. We will not be liable to you for the effect that any interruption of the Services may have on you, including your income or your ability to generate revenue through the Services and you will not be entitled to any refund.
We offer free of charge support services by e-mail and chat for troubleshooting purposes or if you need our support to customize your use of our applications. If you use inappropriate language or have an impolite or otherwise inappropriate conduct towards our employees, we may refuse your request for support.
You acknowledge that APPSOLVE does not provide any data back-up services, including any Content or any other data that you or third parties upload, post or use.
WARRANTIES. APPSOLVE IS DEDICATED TO MAKING OUR SERVICES THE BEST THEY CAN BE, BUT WE’RE NOT PERFECT AND SOMETIMES THINGS CAN GO WRONG. YOU UNDERSTAND THAT OUR SERVICES ARE PROVIDED “AS IS”. WE ARE EXPRESSLY DISCLAIMING ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, AS WELL AS ANY WARRANTIES IMPLIED BY A COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE.
WE DO NOT GUARANTEE THAT:
(I) THE SERVICES WILL BE SECURE OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION,
(II) ANY DEFECTS OR ERRORS WILL BE CORRECTED, (III) THE SERVICES WILL BE FREE OF VIRUSES OR OTHER HARMFUL MATERIALS OR THE RESULTS OF USING THE SERVICES WILL MEET YOUR EXPECTATIONS;
(IV) THERE WILL BE NO BREACH OF security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, ANY data transmitted, stored or otherwise processed THROUGH OUR SERVICES. YOU USE THE SERVICES SOLELY AT YOUR OWN RISK.
APPSOLVE IS NOT RESPONSIBLE TO YOU OR TO ANY THIRD PARTY FOR ANY DAMAGE, LOSS OF PROFITS, BUSINESS, CONTRACTS, REVENUES, GOODWILL, PRODUCTIONS AND ANTICIPATING SAVINGS OR ANY DIRECT OR INDIRECT, CONSEQUENTIAL OR ECONOMIC LOSS OF ANY KIND AS A RESULT OF: ANY FAULTS, OMISSION, TECHNICAL PROBLEMS AND MALFUNCTIONING ATTRIBUTED TO THE PLATFORMS APPSOLVE IS USING FOR THE PROVISION OF THE SERVICES, INTERNET SERVICE PROVIDERS OR DELAYS IN THE TRANSMISSION OR STORAGE OF ANY DATA PROVIDED TO APPSOLVE; ANY DELAY AND/OR FAILURE ON BEHALF OF APPSOLVE TO PROVIDE ITS SERVICES DUE TO FORCE MAJEURE CASES, WHICH INCLUDE GOVERNMENTAL BANNING OF THE AGREED SERVICES; FOR TERMINATION OF THIS AGREEMENT; FOR ANY NEGLIGENCE ON OUR SIDE.
WE DON’T WARRANT THAT THE APPLICATION WILL OPERATE WITHOUT DISRUPTIONS, ERRORS OR INTERRUPTIONS, OR THAT IT WILL BE ACCESSIBLE OR AVAILABLE AT ALL TIMES OR IMMUNE FROM GLITCHES OR UNAUTHORIZED ACCESS. YOU WILL NOT RECEIVE ANY COMPENSATION OR REFUND FOR SUCH INTERRUPTION.
IF THE USE OF THE SERVICES IS SUSPENDED/INTERRUPTED BECAUSE OF ANY NEGLIGENCE ON OUR SIDE, FOR MORE THAN 7 CALENDAR DAYS, YOU HAVE THE RIGHT TO TERMINATE THE AGREEMENT AND YOUR ACCOUNT, AND WE WILL REFUND THE FEES YOU PAID, PRORATED WITH THE PERIOD REMANING UNTIL THE TERMINATION OF THE PREPAID SERVICE IN THIS RESPECT, YOU SHALL PROMPTLY INFORM US BY SENDING AN EMAIL TO HELP@VITALS.CO.
WE RESERVE THE RIGHT TO WITHDRAW APPLICATIONS OR FUNCTIONALITIES OF OUR APPLICATIONS WITH A PRIOR WRITTEN NOTICE SENT TO YOU WITH 15 (FIFTEEN) CALENDAR DAYS IN ADVANCE. THIS DOES NOT ENTITLE YOU TO ANY REFUND. HOWEVER, IF YOU NO LONGER WANT TO USE OUR SERVICES AS A RESULT OF THESE CHANGES, YOU CAN TERMINATE YOUR ACCOUNT AND DELETE OUR APPLICATIONS, NO LATER THAN 30 DAYS AFTER WE HAVE IMPLEMENTED THE ANNOUNCED CHANGES. WITHIN THE SAME 30-DAY TERM, YOU MAY ALSO ASK FOR A REFUND OF THE FEES YOU PAID, PRORATED WITH THE PERIOD REMANING UNTIL THE TERMINATION OF THE PREPAID SERVICE.
IN EXCEPTIONAL SITUATIONS, APPSOLVE HAS THE RIGHT TO WITHDRAW APPLICATIONS OR FUNCTIONS WITHOUT ANY PRIOR NOTICE. THE ABOVE SHALL APPLY MUTATIS MUTANDIS. THIS AGREEMENT TERMS AND CONDITIONS THAT BY THEIR NATURE SHOULD SURVIVE TERMINATION SHALL SURVIVE TERMINATION, INCLUDING WITHOUT BEING LIMITED TO WARRANTY AND LIMITATION OF LIABILITY CLAUSES.
During the term of the agreement under which APPSOLVE has agreed to give you the right of use of the Services, APPSOLVE will provide a Monthly Uptime Percentage to the customers (the "Service Level Objective" or "SLO") of 99.9%.
Monthly Uptime PercentagePercentage of monthly bill to be refunded99.0% – < 99.9%10%95.0% – < 99.0%25%< 95.0%50%
In order to receive any refund described above, the Customer must notify APPSOLVE’s technical support within 10 days from the time Customer becomes eligible to receive a refund. Failure to comply with this requirement will forfeit Customer's right to receive a refund. The SLA does not apply to any errors or failure on our side to comply with the thresholds mentioned above (i) caused by factors outside APPSOLVE’S reasonable control or negligence or (ii) that resulted from your software or hardware or third-party software of hardware or both or (iii) that resulted from abuses or other behaviours that violate this Terms or the law. Section 8 of this Terms shall apply mutatis mutandis.
APPSOLVE shall not be responsible for any failure to perform its obligations under the Terms if such failure is caused by force majeure or unforeseen circumstances such as, cyberattacks, war, strikes, revolutions, laws or governmental regulations, other causes that are beyond the reasonable control of such party or other similar events.
In such event, our obligations shall be suspended until termination of the event referred above. If such force majeure/unforeseen circumstance lasts for more than 30 (thirty) calendar days, we may terminate our agreement at any time. A case of force majeure or unforeseen circumstance shall be notified to the other party by e-mail within 3 (three) calendar days after its occurrence.
We hope this never happens, but if APPSOLVE gets sued because of something that you did, you agree to defend and indemnify us. That means you’ll defend APPSOLVE (including any of our employees) and hold us harmless from any legal claim or demand (including reasonable attorney’s fees) that arises from your actions, your use (or misuse) of our Services, your breach of the Terms, or your account’s infringement of someone else’s rights.
We reserve the right to handle our legal defence however we see fit, even if you are indemnifying us, in which case you agree to cooperate with us, so we can execute our strategy.
If you find yourself in a dispute with another user of APPSOLVE'S Services or a third party, we encourage you to contact the other party and try to resolve the dispute amicably.
If you’re upset with us, let us know, and hopefully we can resolve your issue. But if we can’t, then these rules will govern any legal dispute involving our Services:
A. Governing Law. The Terms are governed by the laws of Romania, without regard to its conflict of laws rules. These laws will apply no matter where in the world you live. For avoidance of doubt, as merchant, you do not qualify for the consumer protection that some states recognize. Any dispute arising out of or in connection with this contract, including any question regarding its existence, validity or termination, shall be subject to the exclusive jurisdiction of the Romanian Courts.
We may update these Terms from time to time. In this case we will definitely let you know by posting the changes through the Services and/or emailing you or message about the changes. That way you can decide whether you want to continue using the Services. Changes will be effective upon the posting of the changes unless otherwise specified. You are responsible for reviewing and becoming familiar with any changes. Your use of the Services after 5 days following the changes, constitutes your acceptance of the updated Terms.
The Terms, including all the policies that make up the Terms, supersede any other agreement between you and APPSOLVE regarding the Services. If any part of the Terms is found to be unenforceable, that part will be limited to the minimum extent necessary so that the Terms will otherwise remain in full force and effect. Our failure to enforce any part of the Terms is not a waiver of our right to later enforce that or any other part of the Terms. We may assign any of our rights and obligations under the Terms. You are allowed to assign your rights and obligations established under the Terms only without our prior written consent.
If you have any questions about the Terms, please email us at firstname.lastname@example.org.
This DPA is deemed incorporated into any agreement that has as scope the services provided by APPSOLVE, a company representing a Shopify partner (hereinafter called the "Company") and the Company is acting as a data processor. By contracting our services, the client agrees to be legally bound by this DPA.
means, as applicable and binding for the Client, the Company, and/or Services:
(a) any law, statute, regulation, or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided or in connection with;
(b) the common law and laws of equity applicable to the parties from time to time;
(c) any binding court order, judgment, decree; or
(d) any applicable regulation, policy, rule, or order that is binding on a Party and that is issued or given by a regulatory body that has jurisdiction over a Party or any assets, resources, or business of that Party;
means personal data received from or processed in any way on behalf of the Client, directly or indirectly, by the Company or a sub-Processor, in connection with or as part of the provision of the Services under the Main Agreement;
means the description of the intention (purpose) of the use, processing, and transfer paths of the Client Data during the provision of Services according to the Company's directions
Personal data protection laws
means as applicable and binding for the Client, Company, and/or Services:
(a) in the member states of the European Union: GDPR and all relevant laws or regulations of the member states that implement or correspond to one of them;
(b) any provisions on data protection in the Applicable Law; or
(c) any applicable law of any country that may apply to the provision of the Services which are sent in writing by the Client to the Company in advance
Losses in relation to personal data processing
refers to all liabilities:
(a) costs (including legal costs), claims, actions, settlements, interest, taxes, proceedings, expenses, losses, and damages (in relation to physical damages); and
(b) to the extent permitted by applicable law:
(i) administrative fines, penalties, sanctions, debts, or other remedies imposed by a supervisory authority;
(ii) compensation that is ordered by a supervisory authority to be paid to a data subject; and
(iii) the reasonable costs of complying with investigations by a supervisory authority;
but excluding: any current or anticipated loss of income or profits; loss of contracts; loss of customers or reputation; moral damage; any direct or indirect loss or damage, regardless of its origin and whether caused by tort (including negligence), breach of contract or otherwise, regardless of whether such loss or damage is foreseeable, foreseen or known;
Data subject request
means a request made by a data subject to exercise any rights belonging to the data subject in accordance with personal data protection laws;
refers to the general data protection regulation (EU) 2016/679;
relates to any breach of data security resulting in the destruction, loss, alteration, unauthorized disclosure, or access of any Client Data or any other unlawful processing of Client Data;
means the information and consents obtained in a legally correct manner, from the data subjects, regarding the processing of their personal data by the parties and by any Processor, sub-processor, or Controller for the provision of the Services, including in accordance with any data path;
has the meaning given in clause 2.1.1
means another processor contracted by the Company to carry out the processing activities of the Client data on behalf of the Client
means any local, national, or multinational public authority, regulatory or supervisory authority, or other body responsible for approving and managing data protection laws
means any third party involved in the processing of Client Data in connection with the Services which does not include the Client and the Company
Personal Data, Controller, Processor, Data Subject, Processing
have the meaning given to such terms in Personal data protection laws
1.1 The parties agree that, for the Client's data, the Client will be the Data Controller and the Company will be the Data Processor, including situations where the Client's data originates from a third party, like a Platform operator and that platform will act as joint controller with the Client with respect to such Client Data. In all cases, the status of the parties will be interpreted in accordance with the Personal data protection laws, but it is acknowledged and agreed that, if processing the Client's data under this Processing Agreement, the Company will always act as a Data Processor.
1.2 The Company will process the Client's data in accordance with:
1.2.1 the obligations of the Data Processor under Personal data protection laws regarding the fulfillment of their obligations under this processing agreement; and
1.2.2 the terms of this Data Processing Agreement
1.3 The Client must comply with:
1.3.1 all Personal data protection laws in relation to the processing of Client Data, the Services, and the exercise and enforcement of Client rights and obligations under this Data Processing Agreement and any platform agreements, including (without limitation) the retention of all records and notices of relevant regulation according to Personal data protection laws; and;
1.3.2 the terms of this Data Processing Agreement and any applicable Platform Agreements
1.4 The Client warrants and undertakes that:
1.4.1 all Client data must comply with Personal data protection laws in all respects, including their collection, storage, and processing (this also means that the Client will provide all correct information necessary for fair processing including obtaining consent necessary, from the Data Subjects), with Personal data protection laws;
1.4.2 all Client data may be lawfully processed by the Company and any third party used to provide the Services and in accordance with any Data path
1.4.3 in respect of all Client Data:
(a) where the Client Data is provided directly by the Client, the Client shall implement and present appropriate mechanisms:
(i) to ensure that notifications and confidentiality statements are provided and that they are obtained from the data subjects;
(ii) through which the data subjects can request the modification of their personal data or can request the renunciation of the processing of their personal data;
(iii) to exclude from its own database, the data of the data subjects who opted for the Client's refusal to process their data, in accordance with point 1.4.3 (a)ii;
(iv) to ensure that the Client does not issue Processing Instructions for the data subjects who have opted for the Client's refusal to process their data, in accordance with point 1.4.3 (a) iii;
(v) ensure that the Client Data is up-to-date and accurate and notify the Company of any changes to the Client Data; and
(b) where the Client Data is not provided directly by the Client, the Client has ensured that the data providers have complied with the Personal Data Protection Laws and that the data provided by the Client can be used by the Company for the provision of the Services
1.4.4 Client Data shall not include:
(a) Personal data belonging to underaged data subjects, as defined by any applicable law;
(b) special categories of personal data; or
(c) location data,
unless the legal basis for processing such data in accordance with Personal data protection laws as part of the Services was first established by the Client;
1.4.5 All instructions that the Client will give to the Company regarding personal data will always comply with the Personal data protection laws.
1.5 The Client shall not unreasonably withhold, delay or withhold consent to any change requested by the Company to ensure that the Services and the Company (and each Sub-Processor, including any Platforms) can comply with the Personal Data Protection Laws.
1.6 The Client agrees to the following:
(a) Where, as part of the services it provides, the Company is required to:
(i) to obtain directly from the data subjects personal data or Personal Data belonging to the Client; or
(ii) obtain consent from any data subjects for any use, further use or use for any additional purpose,
It is the Client's responsibility to provide all necessary forms for any notices regarding privacy statements regarding the lawful acquisition/acquisition of such Client Data for use by the Company in the delivery of the Services (including but not limited to third-party cookies, tags pixels and other relevant tags used by the Company's suppliers on the Client's websites) and verify that the privacy notices and statements used by third parties to acquire any Client Data and for the Client are satisfactory to ensure compliance with all applicable Personal data protection laws of the Client's personal data and their subsequent use by the Client, the Company or any third party; and
(b) The Company (including any Sub-Processor) shall not be liable for any loss, delay or damage of any kind caused to the Client, by the Client's failure to fulfill its obligation to provide the Company with any notification or confidentiality statement, requested in due time.
1.7 The Client also agrees that, where as part of the Services provided to the Client, the Client directly accesses the Platforms by means of any authentication credentials, authentication information and/or any other means, technologies, or methods designed to access such Platforms ("Platform Login Credentials") provided to Client by Company, whether such access is read-only or otherwise, Client warrants and agrees that access to and use of such Platforms must comply with this Processing Agreement, the available Platform policies, and applicable law. Without limiting the foregoing, Client shall not in any way misappropriate any part of a Platform or any part thereof or may not modify, disassemble, decompile, reprogram, copy, reproduce or create derivative works from or in connection with a Platform or any part thereof, including without limitation, for the purpose of re-identifying any user.
1.8 The Client undertakes, confirms and guarantees for the following aspects:
1.8.1 the personal data processing operations carried out by the Company and any Platforms, including any data path, are appropriate for the purposes for which the Client intends to use the Client's Data;
1.8.2 The Company and any Platforms present sufficient guarantees, expertise and resources to perform the Services in accordance with the requirements of the Personal Data Protection Law.
1.9 It is agreed and acknowledged that the Client is aware of and fully understands the Company's processing operations described in this Data Processing Agreement and any data path.
2.1 For the situations when the Company processes the Client's data on behalf of the Client, the Company:
2.1.1 unless it is obliged to proceed differently by the applicable Law (and will take measures to ensure that each person acting under its authority will proceed in this way), it will process the Client's data only and only in compliance with the Client's instructions as set out in this clause 2 and Annex 1 (Data Processing Details).
2.1.2 where applicable laws require it to process Client data other than in accordance with processing instructions must notify Client of any such requirement prior to processing Client data (unless applicable law prohibits this information for reasons of important public interest);
2.1.3 informs the Client if the Company becomes aware of a Processing Instruction that, in the Company's opinion, violates Personal data protection laws, noting that:
(a) the provisions of points 1.3 and 1.4 apply accordingly;
(b) to the maximum extent permitted by law, the Company shall have no liability, whether arising in contract or in tort (including negligence) or otherwise, for any losses, costs, expenses or liabilities (including losses of data protection) from or in connection with any processing of personal data carried out in accordance with the Client's Processing Instructions;
2.1.4 assumes no responsibility to determine the purposes for which and how the Client's data is processed
3.1 The Company implements and maintains, at its cost and expenses, the technical and organizational measures:
3.1.1 regarding the processing of Client data by the Company, as provided in Annex 2 (Technical and organizational measures); and
3.1.2 taking into account the nature of the processing, to assist the Client as much as possible in fulfilling the Client's obligations to respond to requests coming from the persons concerned, requests related to the Client's Data.
3.2 Considering the state of the art and the cost of their implementation and maintenance, the Client and the Company agree that the "Technical and Organizational Measures" provided in Annex 2 are able to ensure a level of security corresponding and adequate to the risks represented by the processing provided for in annex 1 and the nature of the data to the client and any additional technical and organizational measures, will be subject to an additional written agreement between the Client and the Company and at the cost and expense of the Client.
4.1. The Company will not employ any Sub-Processor to carry out any activities regarding the processing of the Client's data without his authorization (the authorization must not be withheld, conditioned or delayed), taking into consideration that the Client hereby authorizes the appointment:
(a) to all sub-processors identified in any data path; and
(b) to any company acting as Sub-Processor for the purpose of delivering the Services.
With respect to this clause 4.1, the Client acknowledges and agrees that, given the specific mode of delivery of the Services, an exact list of such Sub-processors, data providers, subcontractors and website publishers used to provide the Services may be provided on the Company website/page and will be provided at the Client request.
4.2 If the Client wishes to object to the appointment of any Sub-Processor at any time, the Client shall notify the Company accordingly within 1 working day, and the Company, in the absence of such notification, may appoint that Sub-Processor. If the Parties, acting reasonably, will not agree to the appointment of the proposed Sub-processor, the Company has the right to unilaterally terminate or terminate the Main Agreement with immediate effect, insofar as it relates to the services that require the use of the proposed sub-processor.
4.3. The Company appoints sub-processors in principle under agreements containing the same obligations as clauses 1-11 (inclusively), except for the situations acknowledged and agreed by the Client that some operators, agents or sub-agents appointed to provide the Services, including, most of the Platforms and certain multinational service providers will provide their services on non-negotiable terms (collectively called "Providers"), these terms being established, in the agreements published on the Platforms or in the general terms and conditions of data processing, ("Provider Terms" ). In such circumstances:
4.3.1 The Company will notify the Client of such providers;
4.3.2 in the absence of any objections from the Client, the Providers can be used to provide their Services;
4.3.3. Subject to the provisions of paragraph 4.3.2, the Providers and Provider Terms shall be deemed to be selected, approved, and authorized by the Client, and the Client is responsible, as the Data Controller, to determine and be aware of the Provider Terms at all times; and
4.3.4. The Company will make reasonable efforts to assist the Client in understanding the Providers Terms
4.4 Without prejudice to clause 10.2, if the Services are provided in accordance with the Providers Terms, the Company will not be liable for any loss or damage generated by the processing of personal data, resulting from the actions, omissions or violations direct or indirect of such a provider and that exceed any limit of liability assumed by the Terms and conditions of the respective provider.
4.5 The Client acknowledges and agrees that these providers may appoint processors and Sub-processor in the delivery of the Services in accordance with the Providers Terms without notice and under obligations substantially different from those set forth in this Agreement and the Company shall have no obligations to the Client in respect to the processors and Sub-processors appointed by these providers.
4.6 The Company ensures that all Company personnel authorized to process the Client's data are subject to a contractual obligation with the Company to maintain the confidentiality of the Client's data (unless disclosure is required under applicable law, in which case the Company, if possible and not (is prohibited by applicable law, shall notify the Client of any such requirement, prior to such disclosure).
5.1 The Company sends the Client all the requests it receives from the data subjects within three working days of receiving the request.
5.2 The Company will provide the Client with the assistance that the Client reasonably requests (taking into account the nature of the processing and the information available to the Company) to ensure compliance with the Client'sobligations under the Personal data protection laws regarding:
5.2.1 Data processing security;
5.2.2 data protection impact assessments (as defined in the Data Protection Act);
5.2.3 prior consultation with a supervisory authority regarding high-risk processing; and
5.2.4 notifications addressed to the Supervisory Authority and / or communications to the data subjects by the Client,
in response to any data breach, provided that the Company has the right to charge appropriate remuneration for such assistance in the event that such involvement would materially exceed what may reasonably be considered by the Company to be part of the services provided by the Company as a professional under the Main Agreement.
6.1 The Client agrees that the Company may transfer Client data to countries outside the European Economic Area (EEA) or any international organization (an International Recipient), provided that all Transfers by the Company of Client Data to an International Recipient) (in extent required by Personal data protection laws) to be carried out through appropriate security measures and in accordance with Personal data protection laws. The provisions of this Processing Agreement constitute the Client's instructions regarding transfers in accordance with clause 2.1.
7.1 The Company will keep, in accordance with Personal data protection laws binding on the Company, written records of all categories of processing activities carried out on behalf of the Client.
7.2 In accordance with the Personal data protection laws, the Company makes available to the Client the information it considers reasonably necessary to demonstrate the Company's compliance with the obligations of the data processors, in accordance with the Personal data protection laws and to allow participation in audits (once a year at the most and subject to Company’s confidentiality undertakings), by Client (or other auditor mandated by the Client) for this purpose, subject to the guarantee of the Client who undertakes:
7.2.1 To give the Company, in advance, a notification regarding the request for information, the audit and / or the inspection requested by the Client;
7.2.2 Ensure that all information obtained or generated by the Client or its auditors in connection with requests, inspections, and audits of such information is strictly confidential (except as disclosed by the Supervisory Authority or in accordance with applicable law);
7.2.3 Ensuring that this audit or inspection is carried out during normal business hours, with minimal disruption to the Company's business, the Sub-processors’ business, and other Company's clients; and
7.2.4 Pay the Company's reasonable costs of assisting in the provision of information and in permitting and contributing to inspections and audits.
8.1 With regard to any security breach regarding the processing of the Client's personal data, the Company will
intervene, without delay:
8.1.1 to notify the Client about data breaches regarding the processing of personal data; and
8.1.2 to provide the Client with details regarding the security data breach regarding the processing of personal data.
9.1 The Company:
9.1.1 upon the Client's written request, return all originals or provide the Client with a copy of all Client data in the form the Client requests;
9.1.2 will delete all copies of the Client Data (unless applicable law requires the storage of any data, and if so the Company will inform the Client of any such requirements) except that the Company will not be obliged to delete the copies kept in backup systems used exclusively for disaster recovery systems, given the onerous nature of such deletion exercises, within a reasonable time, at the earliest:
220.127.116.11 after the provision of the relevant services related to the processing has ended; or
18.104.22.168 once the Company's processing of any Client data is no longer necessary for the Company's fulfillment of its relevant obligations under this data processing agreement and / or Main Agreement and/ or applicale laws.
10.1. The Company shall be liable and indemnify the Client for losses arising from the breach of the provisions regarding the processing of Client Data (however caused, regardless of contract, tort (including negligence) or otherwise) under or in connection with this Data Processing Agreement:
10.1.1. only to the extent that any loss is caused by the processing of Client data under this Processing Agreement and directly results from the Company's breach of clauses 1-11 (inclusive); and
10.1.2. in no event to the extent that any losses arising from the breach of the Data processing provisions (or the circumstances giving rise to them) are caused by any breach of this Agreement by the Client (including in accordance with clause 2.1.3(b)).
10.2. The Company makes no statements or guarantees regarding its suppliers, providers or regarding the Personal Data processing activities by the suppliers and will not compensate the Client for any data processing activities carried out by the suppliers.
10.3. The Client shall be liable and shall indemnify the Company in respect of all losses arising from the breach of the provisions regarding the processing of personal data suffered by the Company and any Sub-processor in connection with the following:
10.3.1. Non-compliance by the Client with the Personal data protection laws of this Contract or the Terms and Conditions of the Providers;
10.3.2. processing carried out by the Company or a Sub-processor in accordance with any Processing Instruction in breach of any Personal data protection laws; or
10.3.3. violation of any Personal data protection laws or any contractual obligation by an Operator, Authorized or Sub-authorized third parties, approved by the Client for the delivery of services.
10.3.4. breach by the Client of any of its obligations in accordance with clauses 1-11 (inclusive), except where the Company is liable under clause 10.1.
10.4. If a party receives a claim for indemnification from an individual relating to the processing of Client Data, it will promptly provide the other party with full notice and particulars of such claim. The party leading the action must:
10.4.1. not to make any admission of liability and not to accept any settlement agreement or settlement of the such claim without the prior written consent of the other party (the answer shall not be unreasonably delayed); and
10.4.2. to consult fully with the other party in connection with any such action, but the terms of any settlement or settlement of the claim shall be solely the decision of the party responsible for paying and supporting the compensation
10.5. The parties agree that the Client shall not be entitled to claim from the Company any part of any compensation paid by the Client in relation to such damages to the extent that the Client is obliged to indemnify the Company by clause 10.2.
10.6. This clause 10 envisages the sharing of responsibility for the losses generated by non-compliance with the provisions relating to data processing between the parties, including with regard to the compensation of the data subjects, without prejudice to the provisions of the Personal data protection laws, except:
10.6.1. the situation in which it is not permitted by the applicable legislation (including Personal data protection laws)
10.6.2. the fact that it does not impact the liability of either party in front of the data subject
11.1. Clauses 1-11 (inclusive) shall survive termination (for any reason) or expiration of this Data Processing
Agreement and shall continue:
11.1.1. indefinitely in the case of clauses 9-11 (inclusive); and
11.1.2. up to 12 months from the date before termination or expiry of this Data Processing Agreement in the case of clauses 1-8 (inclusive), provided that any termination or expiration of clauses 1-8 (inclusive) shall not affect either party's rights and remedies under such clauses at the time of termination or expiration.
11.2. In the event of a conflict between the terms of this Data Processing Agreement and the Main Agreement or any other agreement governing the relationship between the parties, the terms of this Data Processing Agreement shall prevail.
12. Term and Termination of Services
12.1. This Data Processing Agreement expires at the latest on:
12.1.1. Termination or expiration of the Main Agreement or
12.1.2. Cessation of any processing of Client data by the Company on behalf of the Client in accordance with the provision of the Services.
12.2. The Client and the Company have the right to suspend and/or terminate this Data Processing Agreement at any time by giving three months' notice to the other party.
13.1. This Data Processing Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the choice of law specified in the Main Agreement.
13.2. The parties irrevocably agree that the courts specified in the Main Agreement shall have exclusive jurisdiction to resolve any dispute or claim arising out of or in connection with this Data Processing Agreement or its subject matter or form (including non-contractual disputes or claims).
Appsolve will process the Client Data as a Data Processor for the purpose of providing the Services in accordance with these documented instructions from the Client:
Client's written requests should be sent to us through Shopify tools like the Privacy Portal. In the specific case of Shopify end customers' data, GDPR compliance is honored as enabled by virtue of the implementation of Shopify's data protection mechanisms.
The Company will put in place a fully documented and internally approved information security policy based on best practices and international security standards (eg. ISO 27001, NIST, etc.), indicating management direction and support for information security.
This information security policy will be reviewed and updated on a yearly basis.
Contractual agreements with employees and contractors will include their responsibilities for information security.
All employees, contractors, and third-party users are asked to agree to terms and conditions reflecting the organization's policies for information security (e.g. confidentiality or non-disclosure agreements).
Management behavior and policies drive, require, and encourage all employees, contractors, and 3rd party users to apply security in accordance with established policies and procedures.
All employees, contractors, and 3rd party users undergo regular security awareness training appropriate to their role and function within the organization.
A process is in place to ensure all employees and external users return the organization's assets on termination of their employment, contract, or agreement.
The Company will ensure that only identified, authenticated and authorized users gain access to information, operational applications, Services, and information systems. Obsolete access rights are removed in the timeliest manner possible, in order to prevent unauthorized access and potential misuse.
The Company will apply the 'least privileges' and 'need-to-know' principles and ensure where appropriate segregation of duties.
All user accounts will use 2-factor authentication (if supported by the platform).
Infrastructure access will be provided only to specialized employees and restricted to read-only access granted via VPN connections and 2-factor authentication.
All exceptions (including service accounts or functional accounts) must be risk assessed, justified, and periodically reviewed.
Specific computerized authentication systems based on strong authentication techniques (jointly use at least two different authentication techniques) are implemented for Applications processing Traffic and Judicial Data. This must be applied to all personnel, including the technical staff (application manager, system administrators, network administrators, and database managers) irrespective of the specific access mode (local/remote) to the processing system in question.
The Access Control Policy is based on need-to-know, role-based access and segregation of duties principles.
An Appointed Responsible Manager formally approves access to Information Systems, including checks to verify identity, segregation of duties, and/or checks to verify sensitive access requirements have been addressed before granting access.
All user access-related requests will be logged for all merchant operations, assessed, approved, and implemented in accordance with defined user access management processes. The allocation and use of privileged access rights will be controlled and restricted to the minimum.
Asset owners will review users' access rights at regular intervals. The access rights of all employees and external party users to information and information processing facilities will be removed upon termination of their employment, contract, or agreement, or adjusted upon role change.
Data will be backed up on a regular basis, protected from unauthorized access or modification during storage, and available to be recovered in a timely manner in the event of an incident or disaster.
All data at rest shall be protected by appropriate security mechanisms, including cryptographic and access controls (as appropriate).
Information about technical vulnerabilities of information systems will be obtained in a timely fashion, exposure to such vulnerabilities is evaluated on a daily basis and appropriate measures are taken to mitigate the associated risk.
Where the Services infrastructure is managed and/or hosted by Company, subject to the Agreement between the Client and Company:
Proper protection and availability of the logs will be ensured. Logs should be kept for a period of at least twelve (12) months or longer if legally required
The development, test, and operational environment will be separated
Any data provided by the Client will be securely deleted after its agreed period of use or at any first written request of the Client
The Company will implement proper procedures to anticipate capacity needs, back up all information, and protect the Services infrastructure against malicious code will be ensured.
The Company will implement secure and reliable networks for accurate and prompt data transmission, to avoid communication disruptions, and to guarantee confidentiality and integrity as these could have a material adverse impact on the Client's business and reputation.
Network architecture will be managed and controlled to protect the information in systems and applications against emerging security threats.
Appropriate security mechanisms (cryptographic and access controls) will be established and implemented to ensure the security of data in transit through private and public networks and the protection of IT Services from unauthorized access.
The Company will ensure that information security is addressed within information systems across the entire lifecycle to reduce risks of vulnerabilities introduced during the system acquisition, development, and maintenance.
The Company will adopt secure coding standards when developing products and services.
Information security-related requirements will be embedded in the planning stage for new information systems or enhancements to existing information systems.
The Company will protect the systems' development environments and integrates efforts that cover the entire system development lifecycle.
Security rules for the development of software and systems will be established and applied to developments within the organization. If development is outsourced, the Company will obtain assurance that the external party complies with these rules.
Acceptance testing programs and related criteria will be established for new information systems, upgrades, and new versions. Test data will be carefully selected, protected, and controlled.
The code developed by Company will be free of malicious code and commonly recognized security defects. In addition, the Company will ensure its systems are tested for vulnerabilities before and after each major release.
The Company will ensure a consistent and effective approach to the management of information security incidents, including communication with the Client.
Management responsibilities and procedures will be established to ensure a quick, effective and orderly response to information security incidents
Knowledge gained from analyzing and resolving information security incidents will be used to reduce the likelihood or impact of future incidents.
The Company will develop and implement business continuity plans, disaster recovery plans, and a crisis management framework, based on international standards, to avoid an interruption of the Services exceeding an acceptable period of time, or where a specific Service Level has been defined, exceeding the relevant Service Levels.
The Company will maintain and update its plans and procedures on a regular basis (at least once a year).
The Company will define clear and understood procedures for activation, escalation, and control over its incident response.
In addition to the requirements above Company will:
The business should ensure a formal methodology that defines its approach to system development.
The business should ensure that all requests for changes, system maintenance, and provider maintenance are documented. All implemented changes are traceable.
Implementation of identification, authentication, and authorization mechanisms to access systems and applications.
The business should establish procedures to ensure timely action relating to requesting, establishing, issuing, suspending, and closing of user accounts.
In the specific case of Shopify end customers' data, GDPR compliance is honored as enabled by virtue of the implementation of Shopify's data protection mechanisms.
The business should define and implement a problem management and escalation procedures system to ensure that all operational events which are not part of the standard operation (incidents, problems, and errors) are recorded, analyzed, and resolved in a timely manner.
Physical and network security and related controls should contribute to security maintenance and availability of systems and applications.
APPSOLVE (“Company”), having its registered headquarters at 14 Bogdan Voda Str., Bucharest 010936, Romania, processes personal data in compliance with the applicable legal regulations on the protection of natural persons with regard to the processing of personal data.
We may process personal data in relation to:
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
The main data/categories of data processed by the Company depend, as the case may be, on the purposes associated with the processing, and include data such as:
What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.
Data is processed for the purposes mentioned in the Cookies Policy related to that page/site.
We generally collect personal data directly from you when you are in a legal relationship with our Company or you are the representative of an organization that is in legal relationship with the Company.
In other cases, we may process personal data collected from other sources such as Merchants, suppliers or partners, publicly available sources, Shopify, and other channels/platforms providers, according to your settings preferences within such channels/platforms.
The Company processes personal data for multiple purposes. The methods of processing, the legal basis for processing, retention periods, and other such aspects may be different, depending on each purpose.
We process personal data mainly for the following purposes:
The legal bases of the processing take into account the provisions of the applicable normative acts regarding the processing of personal data and the provisions of the applicable legislation in the Company’s field of activity.
The processing is based on at least one of the following conditions of the legality of the processing:
We retain the personal data we process only for as long as is necessary for the purpose for which it was collected (including in accordance with applicable law or regulations), such as:
Any data may be retained by the Company, except from the foregoing provisions where applicable, until the expiry of the limitation period, in respect of situations in which the Company would have a legitimate interest in retaining certain personal data in connection with potential litigation that may arise between the parties.
In any case, except for the situations provided by the applicable legislation, we delete your data at the time you request such deletion. The applicable exceptional situations will be communicated to the data subject through the response submitted by our company in connection with the request to delete the data.
Our company is responsible for facilitating the exercise of your rights mentioned below.
Any of these rights may be exercised by sending an e-mail to us, or you can submit/send it to our headquarters address.
For the protection of your data, in order to prevent the abuse of malicious people who would follow the access to your data, if we receive a request from you regarding the exercise of the below-mentioned rights, we may ask you for additional information to verify your identity before acting on your request.
If you submit an application in electronic format for the exercise of your rights, the information will be provided by our company also in electronic format where possible.
We will try to respond promptly to any request from you and, in any case, within the time limits expressly mentioned by the applicable legal provisions (usually 30 days from the registration of the request). In certain situations, expressly provided by the applicable legislation, we may charge an access request which will take into account the administrative costs necessary to fulfill the request.
In the event that, as a result of the application of legal provisions, our company cannot comply, in whole or in part, with a request received from you as a data subject, then the applicable exceptional situations will be communicated to you by means of the reply submitted by our company in connection with the request in question.
You have the right to access your data we process as controller, respectively to obtain from the Company a confirmation whether it processes personal data concerning you and, if so, the following information:
If you fall under the protection of GDPR and your personal data are transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards.
You have the right to obtain from the Company, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes for which the data were processed, you have the right to obtain the completion of personal data that are incomplete, including by providing an additional statement. When possible or necessary we will make corrections (as appropriate) based on updated information and inform you about this if necessary.
You have the right to obtain from the Company the deletion of personal data concerning you, without undue delay, except for certain cases provided by the law, if one of the following reasons applies:
You have the right to obtain a restriction on processing in the following cases:
You have the right to receive your personal data which you have provided to the Company, in a structured, commonly used format that can be read automatically and when transmitted to another controller, without obstacles on the part of the Company, if (i) the processing is based on consent or contract and (ii) processing is carried out by automatic means.
In case of exercising the right to portability of personal data, they may be transmitted directly from the Company to another controller expressly indicated by you, where this is technically feasible.
When the processing is carried out for the purpose of the legitimate interests pursued by the Company or by a third party. At any time you have the right to object, for reasons related to your particular situation, to the processing carried out for the purpose of public interest or for the purpose of the legitimate interests pursued by the Company or a third party, including the creation of profiles. In this case, the Company will no longer process your personal data, unless it demonstrates that it has legitimate and compelling reasons justifying the processing and prevailing over your interests, rights, and freedoms or that the purpose is to establish, exercise, or defend a right in court.
When the processing has direct marketing as scope, you have the right to object at any time to the processing of personal data concerning you for this purpose, including the creation of profiles, insofar as it is related to that direct marketing. We inform you that the Company may send you offers, information, and other types of communications in the light of situations such as following your participation in an event organized by the Company as a main organizer or as a partner, the fact that you have agreed to receive commercial communications from us.
If you object to the processing for direct marketing purposes, personal data will no longer be processed for this purpose.
If the processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. The assumption of withdrawal of consent is not applicable in cases where the basis for processing is not consent.
If you want to complain about the use of your personal data, please send an e-mail /letter with the details of your complaint to us. We will analyze and respond within the legal deadlines to any complaint we receive. You also have the right to file a complaint with the competent data protection supervisory authority.
The company may transmit/grant access / disclose personal data mainly to the following categories of entities:
Especially for data subjects who fall under the protection of GDPR, the Company’s cloud hosting provider, Amazon Web Services (AWS), has a POP in the United States, and transfers are made to entities outside the European Union. If you fall under the protection of GDPR and the Company transfers your personal data to a third country or to an international organization, we will ensure that it is adequately protected, ie that we transmit the data in a country that provides an adequate level of protection as assessed by the competent entities or, if the country is considered not to have laws equivalent to GDPR data protection standards, we will ask the third party to conclude a legally binding contract/agreement/instrument that reflects the latter standards or provides other appropriate guarantees in this sense.
If personal data is collected directly from you, we inform you that, as a rule, you are not obliged to provide your personal information to the Company, unless their provision constitutes a legal or contractual obligation or an obligation /is necessary for concluding a legal relationship/contract. Thus, to the extent that you opt to enter into a legal relationship with the Company or otherwise benefit from our services/product, the provision of personal data is a necessity from the perspective of legal requirements and/or the legal relationship with us, because this information is necessary to honor the obligations undertaken by the Company in relation to you or to provide services and/or products to you. So, in these situations, depending on the data you refuse to provide, it is possible that:
If you consider that the information contained herein is ambiguous or contains ambiguities, you can request clarifications in this regard from us.
Address: Bogdan Voda 14, Bucharest 010936, Romania
Date of Last Revision: January 23, 2023