Data Protection Addendum (DPA)
This Data Protection Addendum (“Addendum”) is a part of the Agreement between ShipConsole, a product-based shipping software provider, and its Customers. This Addendum outlines the commitments of ShipConsole to protect personal data processed while providing services to its Customers, in compliance with applicable data protection laws.
About ShipConsole
ShipConsole is an advanced shipping software solution designed to streamline and automate the shipping process for businesses. Our software integrates seamlessly with leading carriers and ERP systems, providing businesses with tools for tracking, label generation, analytics, and compliance. As a responsible data processor, we prioritize the security and privacy of the data entrusted to us.
Scope of the Addendum
This Addendum applies when ShipConsole processes personal data on behalf of its Customers in the course of delivering services. It governs ShipConsole’s obligations under applicable data protection laws, including but not limited to:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- UK Data Protection Act
- Other relevant privacy and data security regulations.
Definitions
- Customer Personal Data: Personal data provided to ShipConsole by the Customer for processing as part of the services.
- Data Protection Laws: Legal frameworks governing the processing, storage, and protection of personal data, including GDPR and CCPA.
- Processing: Any operation performed on personal data, such as collection, storage, analysis, or deletion.
- Sub-processors: Third parties engaged by ShipConsole to support service delivery and processing activities.
Roles and Responsibilities
Customer as Data Controller
The Customer determines the purposes and means of processing Customer Personal Data and is responsible for ensuring compliance with applicable laws.
ShipConsole as Data Processor
ShipConsole processes personal data solely on the instructions of the Customer and in accordance with this Addendum.
Data Processing Activities
ShipConsole processes Customer Personal Data to provide the following services:
- Shipment creation and management
- Integration with shipping carriers
- Label printing and tracking
- Analytics and reporting
The scope, nature, and duration of processing activities are defined in the Agreement.
Data Protection Obligations of ShipConsole
ShipConsole is committed to ensuring the security, privacy, and confidentiality of Customer Personal Data. To that end, we:
- Process Data Only on Instructions: Process personal data solely as directed by the Customer and for the agreed purposes.
- Confidentiality: Ensure all personnel handling Customer Personal Data are trained and bound by strict confidentiality agreements.
- Security Measures: Employ technical and organizational safeguards, such as:
- Encryption of data in transit and at rest
- Multi-factor authentication for access control
- Regular penetration testing and vulnerability assessments
- Sub-processors: Use only approved Sub-processors and notify Customers of any changes (see Sub-processors below).
- Data Breach Notification: Notify Customers promptly of any security incidents or breaches involving Customer Personal Data.
- Retention and Deletion: Retain personal data only as long as necessary to provide services or as required by law. Upon request, data is securely deleted.
Data Subject Rights and Customer Support
ShipConsole will assist the Customer in fulfilling data subject requests, including:
- Access to personal data
- Rectification or erasure of data
- Restriction or objection to processing
- Data portability
Requests related to personal data can be directed to our Data Protection Officer at
Name: Srinivas Balusupati
Email: dpo@shipconsole.com
International Data Transfers
If Customer Personal Data is transferred outside the European Economic Area (EEA), United Kingdom, or Switzerland, ShipConsole ensures compliance with applicable data transfer mechanisms, such as:
- Standard Contractual Clauses (SCCs)
- UK International Data Transfer Addendum
- Adequacy decisions by regulatory authorities
Security Measures
ShipConsole employs a robust Information Security Management System (ISMS) based on ISO 27001 standards. Our security practices include:
- Access Controls: Role-based access, multi-factor authentication, and user activity monitoring.
- Encryption: HTTPS encryption for data in transit and AES encryption for data at rest.
- Data Backup and Resilience: Regular backups and disaster recovery plans ensure service continuity.
- Incident Response: A dedicated incident management team promptly handles and resolves security incidents.
Data Retention
Customer Personal Data will be retained only for the duration of the Agreement or as legally required. Upon termination, data will be securely deleted or returned to the Customer.
Customer Obligations
The Customer agrees to:
- Collect and process personal data lawfully before sharing it with ShipConsole.
- Provide ShipConsole with clear processing instructions.
- Notify ShipConsole of any changes to legal or regulatory requirements affecting data processing.
Liability and Indemnification
The Customer shall indemnify ShipConsole against any claims arising from their breach of this Addendum or applicable data protection laws. ShipConsole’s liability is limited as outlined in the Agreement.
Contact Information
For questions, concerns, or to exercise data protection rights, contact our Data Protection Officer:
Name: Srinivas Balusupati
Email: dpo@shipconsole.com
Amendments and Updates
ShipConsole reserves the right to update this Addendum to reflect changes in data protection laws or its services. Customers will be notified of significant changes.
By continuing to use ShipConsole’s services, the Customer acknowledges and agrees to the terms of this Data Protection Addendum.
Annex 1
ShipConsole Sub-processors
Name of Sub-processor | Description of Processing | Location of Sub-processor |
---|---|---|
Amazon Web Service | Managing the production, test, and development environments, including the code and databases. | USA |
Jira | JIRA is used for Agile Project management | USA |
Keka | HRMS tool | India |
O365 | Email Services | USA |
Freshdesk | Freshdesk is used for ticketing management (to track the issues reported by the client) | USA |
ZOHO | CRM Marketing tool | USA |
Apollo.io | Sales Data Base tool | USA |