Data Protection Addendum

Home
/
Data Protection Addendum

Data Protection Addendum (DPA)

This Data Protection Addendum (“Addendum”) is a part of the Agreement between ShipConsole, a product-based shipping software provider, and its Customers. This Addendum outlines the commitments of ShipConsole to protect personal data processed while providing services to its Customers, in compliance with applicable data protection laws.

About ShipConsole

ShipConsole is an advanced shipping software solution designed to streamline and automate the shipping process for businesses. Our software integrates seamlessly with leading carriers and ERP systems, providing businesses with tools for tracking, label generation, analytics, and compliance. As a responsible data processor, we prioritize the security and privacy of the data entrusted to us.

Scope of the Addendum

This Addendum applies when ShipConsole processes personal data on behalf of its Customers in the course of delivering services. It governs ShipConsole’s obligations under applicable data protection laws, including but not limited to:

General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
UK Data Protection Act
Other relevant privacy and data security regulations.

Definitions

Customer Personal Data: Personal data provided to ShipConsole by the Customer for processing as part of the services.
Data Protection Laws: Legal frameworks governing the processing, storage, and protection of personal data, including GDPR and CCPA.
Processing: Any operation performed on personal data, such as collection, storage, analysis, or deletion.
Sub-processors: Third parties engaged by ShipConsole to support service delivery and processing activities.

Roles and Responsibilities

Customer as Data Controller

The Customer determines the purposes and means of processing Customer Personal Data and is responsible for ensuring compliance with applicable laws.

ShipConsole as Data Processor

ShipConsole processes personal data solely on the instructions of the Customer and in accordance with this Addendum.

Data Processing Activities

ShipConsole processes Customer Personal Data to provide the following services:

Shipment creation and management
Integration with shipping carriers
Label printing and tracking
Analytics and reporting

The scope, nature, and duration of processing activities are defined in the Agreement.

Data Protection Obligations of ShipConsole

ShipConsole is committed to ensuring the security, privacy, and confidentiality of Customer Personal Data. To that end, we:

Process Data Only on Instructions: Process personal data solely as directed by the Customer and for the agreed purposes.
Confidentiality: Ensure all personnel handling Customer Personal Data are trained and bound by strict confidentiality agreements.
Security Measures: Employ technical and organizational safeguards, such as:
- Encryption of data in transit and at rest
- Multi-factor authentication for access control
- Regular penetration testing and vulnerability assessments
Sub-processors: Use only approved Sub-processors and notify Customers of any changes (see Sub-processors below).
Data Breach Notification: Notify Customers promptly of any security incidents or breaches involving Customer Personal Data.
Retention and Deletion: Retain personal data only as long as necessary to provide services or as required by law. Upon request, data is securely deleted.

Data Subject Rights and Customer Support

ShipConsole will assist the Customer in fulfilling data subject requests, including:

Access to personal data
Rectification or erasure of data
Restriction or objection to processing
Data portability

Requests related to personal data can be directed to our Data Protection Officer at

Name: Srinivas Balusupati
Email: dpo@shipconsole.com

International Data Transfers

If Customer Personal Data is transferred outside the European Economic Area (EEA), United Kingdom, or Switzerland, ShipConsole ensures compliance with applicable data transfer mechanisms, such as:

Standard Contractual Clauses (SCCs)
UK International Data Transfer Addendum
Adequacy decisions by regulatory authorities

Security Measures

ShipConsole employs a robust Information Security Management System (ISMS) based on ISO 27001 standards. Our security practices include:

Access Controls: Role-based access, multi-factor authentication, and user activity monitoring.
Encryption: HTTPS encryption for data in transit and AES encryption for data at rest.
Data Backup and Resilience: Regular backups and disaster recovery plans ensure service continuity.
Incident Response: A dedicated incident management team promptly handles and resolves security incidents.

Data Retention

Customer Personal Data will be retained only for the duration of the Agreement or as legally required. Upon termination, data will be securely deleted or returned to the Customer.

Customer Obligations

The Customer agrees to:

Collect and process personal data lawfully before sharing it with ShipConsole.
Provide ShipConsole with clear processing instructions.
Notify ShipConsole of any changes to legal or regulatory requirements affecting data processing.

Liability and Indemnification

The Customer shall indemnify ShipConsole against any claims arising from their breach of this Addendum or applicable data protection laws. ShipConsole’s liability is limited as outlined in the Agreement.

Contact Information

For questions, concerns, or to exercise data protection rights, contact our Data Protection Officer:

Name: Srinivas Balusupati
Email: dpo@shipconsole.com

Amendments and Updates

ShipConsole reserves the right to update this Addendum to reflect changes in data protection laws or its services. Customers will be notified of significant changes.

By continuing to use ShipConsole’s services, the Customer acknowledges and agrees to the terms of this Data Protection Addendum.

Annex 1

ShipConsole Sub-processors

Name of Sub-processor	Description of Processing	Location of Sub-processor
Amazon Web Service	Managing the production, test, and development environments, including the code and databases.	USA
Jira	JIRA is used for Agile Project management	USA
Keka	HRMS tool	India
O365	Email Services	USA
Freshdesk	Freshdesk is used for ticketing management (to track the issues reported by the client)	USA
ZOHO	CRM Marketing tool	USA
Apollo.io	Sales Data Base tool	USA

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".