DRAFT: provisional text pending legal review.

Data Processing Agreement

Last updated: 2026-05-07

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Ridone Technologies (“Processor”) and you (the merchant, “Controller”). It governs Processor's handling of personal data of your customers when you use the GetSoko Service.

1. Subject matter and duration

Processor processes Controller's customer personal data (“Personal Data”) solely to provide the Service: storing customer records, fulfilling orders, processing payments, and generating shipment artefacts. Processing continues for the term of the underlying contract.

2. Categories of data subjects and data

  • Subjects: Controller's customers and end-users.
  • Data: name, phone number, email (optional), delivery addresses, order history, payment references (no card numbers — those live with NabooPay).

3. Processor obligations

  • Process Personal Data only on documented Controller instructions. Using the Service constitutes such instructions.
  • Ensure personnel with access are bound by confidentiality.
  • Implement appropriate technical and organisational measures (encryption in transit and at rest; multi-tenant isolation enforced at both the application layer and the database connection role; access logs).
  • Notify Controller within 72 hours of becoming aware of a personal data breach affecting Controller's data.

4. Subprocessors

Controller authorises Processor to engage the subprocessors listed at /legal/subprocessors. Processor will give 30 days' notice of any change and Controller may object on reasonable grounds.

5. International transfers

Where a subprocessor is outside the EU, Processor relies on the European Commission's Standard Contractual Clauses or an equivalent mechanism.

6. Data subject requests

Processor will assist Controller in responding to data-subject requests (access, deletion, portability) by providing tools or, on reasonable request, technical assistance. Direct customer requests received by Processor will be forwarded to Controller without undue delay.

7. Audits

On reasonable written notice (and no more than once per year), Controller may audit Processor's compliance — typically by reviewing Processor's certifications and answering a security questionnaire. On-site audits are by mutual agreement and at Controller's cost.

8. Return or deletion

On termination of the underlying contract, Processor will, at Controller's choice, return or delete all Personal Data within 90 days, except where retention is required by law (e.g. tax records).

9. Liability

Liability under this DPA is governed by the Terms of Service.

10. Contact

DPA questions: privacy@getsoko.xyz.
