logo

DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement (“Agreement”) forms part of the agreement between the Merchant (“Controller”) and [Your Company Name] (“Processor”) governing the use of the AI chat assistant application (“Service”).

1. Roles of the Parties
1.1 The Merchant acts as the data controller.1.2 MaxifyShops acts as the data processor.
2. Scope of Processing
2.1 The Processor shall process personal data solely to:
  • Retrieve order status information
  • Access limited account details necessary for user requests
  • Initiate refund requests explicitly authorized by the end user
2.2 Processing is strictly limited to user-initiated interactions via the Service.
3. Nature of Data
3.1 Categories of data processed may include:
  • Order identifiers
  • Order status
  • Customer account references
  • Refund-related data
3.2 No sensitive personal data is intentionally processed.
4. No Data Retention
4.1 The Processor does not store personal data persistently.4.2 Data is processed in real time and discarded after the session ends.4.3 Temporary access tokens may be stored only for the duration of an active session.
5. Security Measures
Processor implements appropriate technical and organizational measures, including:
  • Encrypted transmission (HTTPS/TLS)
  • Token-based authentication
  • Session expiration controls
  • Restricted access to systems
 
6. Subprocessors
6.1 Processor may use third-party subprocessors (including AI service providers) strictly for delivering the Service.6.2 Processor ensures subprocessors are bound by data protection obligations.
7. Instructions
Processor shall process personal data only on documented instructions from the Merchant and the end user.
8. User Authorization
Merchant is responsible for ensuring that end users:
  • Are informed about the Service
  • Provide explicit consent before data access or actions
 
9. Data Subject Rights
Processor shall assist the Merchant, where applicable, in responding to data subject requests.
10. Liability
10.1 Each party is responsible for its own compliance obligations.10.2 Processor is responsible for securing its systems.10.3 Merchant is responsible for lawful data collection and user consent.
11. Term

This Agreement remains in effect for as long as the Service is used.

Accepted by Merchant:[Merchant Name][Date]