Data Processing Addendum
The terms that govern Shipider's processing of personal data on behalf of Customers, aligned with GDPR, UK GDPR, and equivalent regulations.
1. Introduction
This Data Processing Addendum (“DPA”) supplements the Terms of Service between Shipider (the “Processor”) and the Customer (the “Controller”). It applies whenever Shipider processes personal data on behalf of the Customer in the course of providing the Services.
2. Definitions
Capitalized terms not defined here have the meanings given in the Terms of Service or applicable data protection laws including the EU General Data Protection Regulation (“GDPR”) and the UK GDPR.
3. Scope & Roles
The Customer is the data controller and Shipider is the data processor with respect to Customer Data containing personal information. Shipider processes such data only on the documented instructions of the Customer, including as set out in the Terms.
4. Nature of Processing
Shipider processes personal data to operate the warehouse management platform: receiving inventory, processing orders, generating labels, providing dashboards, sending notifications, and handling related operational workflows.
5. Security Measures
Shipider implements appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, or destruction. Details are available on our Security page and may be updated as practices evolve.
6. Subprocessors
The Customer authorizes Shipider to engage subprocessors to support the Services. A current list of subprocessors is available on request. Shipider remains responsible for its subprocessors' compliance with this DPA.
7. International Transfers
Where personal data is transferred outside the EEA, UK, or other applicable region, Shipider relies on Standard Contractual Clauses or other recognized transfer mechanisms.
8. Data Subject Rights
Shipider will provide reasonable assistance to enable the Customer to respond to requests from data subjects exercising rights under applicable data protection law.
9. Personal Data Breach
Shipider will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Data, and will cooperate with the Customer's response.
10. Audits
Upon reasonable notice and subject to confidentiality, Shipider will make available information necessary to demonstrate compliance with this DPA, including third-party audit reports such as SOC 2.
11. Termination & Deletion
Upon termination of the Services, Shipider will delete or return Customer Data containing personal information in accordance with the Terms, unless retention is required by applicable law.
12. Contact
To request the current subprocessor list, the latest signed DPA, or to raise a data protection concern, contact support@shipider.com.
