1. Scope

This DPA applies where ResellerSync processes personal data on behalf of the subscriber. Examples include order details, customer contact information, and supplier integration data.

2. Roles & Responsibilities

• Controller (You): determines the purposes and means of processing personal data.
• Processor (ResellerSync): processes personal data only on documented instructions from the Controller.

3. Data Processing Obligations

ResellerSync agrees to:

• Only process personal data as instructed by the Controller.
• Implement appropriate technical and organisational measures to ensure data security.
• Ensure that staff authorised to process personal data are bound by confidentiality obligations.
• Assist the Controller in responding to data subject rights requests.
• Notify the Controller without undue delay of any personal data breach.

4. Sub-Processors

ResellerSync may engage trusted third-party sub-processors (such as hosting, payment, and support providers). A current list of sub-processors is available upon request. We remain fully responsible for the actions of our sub-processors.

5. International Transfers

Where personal data is transferred outside the UK or EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent legal mechanisms.

6. Data Retention

We will retain personal data only for as long as necessary to provide our services or as required by law. Upon termination of the subscription, personal data will be securely deleted or returned to the Controller, unless retention is legally required.

7. Audit Rights

The Controller has the right to request information necessary to demonstrate compliance with this DPA and applicable data protection laws. Formal audits may be carried out with reasonable notice and agreement.

8. Contact

For data protection queries, please contact us at:
Email: support@resellersync.io