Data processing agreement

Last updated: 18 November 2024

Upseller shall process personal data in accordance with applicable data protection legislation, the relevant Order, and written instructions of the Customer. Written instructions provided by Customer that deviate from the stipulations of the Order or that impose additional restrictions shall require Upseller’s written approval.

Upseller only processes personal data in order to provide the Services to Customer as agreed in the Order and/or for general service development purposes. Processed personal data includes the following categories: interaction and purchase data (e.g. basket content, timestamp) of the end users of Customer’s website and a related session ID; personal data (e.g. name) transferred in connection with a customer service interaction; and data anonymized from the customer data processed in the Services. Data subjects whose personal data is processed are the end users of Customer’s website and/or online store.

Personal Data will be processed only as long as it is necessary for the purpose of interaction with the end user of Customer at Customer’s website and/or online store.

Upseller shall make sure that appropriate technical and organizational measures have been implemented in accordance with data protection legislation to ensure appropriate security of personal data processed by Upseller on behalf of Customer. These measures may include, as appropriate, the pseudonymisation and encryption of personal data, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services, the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, and regularly testing, assessing and evaluating the effectiveness of the implemented technical and organisational measures.

Upseller shall inform Customer without undue delay if Upseller has noticed a data breach concerning the personal data controlled by Customer. In the event of a personal data breach, Upseller shall provide Customer with the information as required under data protection legislation and provide Customer with the necessary and reasonable assistance in resolving the situation.

Upseller agrees to allow Customer or an independent third party appointed by Customer to conduct audits to ensure that Upseller is complying with this Data Processing Agreement and data protection legislation. Upseller shall, upon reasonable written notice by Customer, provide necessary documentation to Customer or the independent third party appointed by Customer. To the extent such documentation is not deemed sufficient to verify compliance with the data protection legislation, Upseller shall, upon Customer’s reasonable written notice, provide necessary access and allow inspection at the Upseller’s premises. Customer shall bear all direct costs related to such audits and inspections.

If Upseller receives any communications or requests from data subjects or competent data protection authorities concerning the processing of personal data on behalf of Customer, Upseller shall inform Customer and direct such communications and requests to Customer, unless prevented from doing so under data protection legislation. 

Upseller shall also, to a reasonable extent, assist Customer in fulfilling its other obligations concerning the personal data processed by Upseller on behalf of Customer. Such other obligations may include assisting Customer in implementing appropriate technical and organizational measures, carrying out data protection impact assessments and requesting prior consultation from the competent data protection authorities, as well as assisting Customer in fulfilling requests made by data subjects in relation to their rights under data protection legislation. Upseller shall impose adequate contractual obligations regarding confidentiality and security upon its personnel who have been authorized to process personal data.

Customer hereby gives its consent to Upseller’s use of sub-processors specified at the website of Upseller at the given time for the processing of personal data on behalf of Customer. If Upseller intends to change or add new sub-processors, Upseller notifies Customer in advance of such changes and gives Customer an opportunity to object to such changes for a justified reason. Insofar as Customer does not object within fourteen (14) days after receipt of the notification, Customer’s right to object to the corresponding engagement lapses. If Customer objects to such change or addition in Upseller’s sub-processors, both Parties shall have the right to terminate the Order by fourteen (14) days’ prior written notice. The terms of processing Customer’s data by the relevant sub-processors are set forth in their respective data processing agreements that are available at https://www.upseller.fi/en/data-processing-agreement-en/ 

Upseller may transfer personal data outside the EU/EEA upon and subject to the terms and conditions set out herein. If Upseller transfers personal data as a data exporter to a country outside the EU/EEA, which is not recognized by the European Commission to have an adequate level of protection in accordance with data protection legislation, Upseller agrees to enter into a supplementary agreement with the data importer containing the standard contractual clauses for the transfer of Personal Data to third countries as set forth in the European Commission Decision of 4 June 2021 (or any such standard contractual clauses amending or replacing the European Commission Decision of 4 June 2021). In such cases, Upseller shall implement necessary supplementary measures to ensure that the level of protection of personal data is not undermined as a result of the transfer.

Upon termination or expiry of the Order, Upseller shall delete personal data controlled by Customer, unless Upseller is obligated by law to further store the personal data. Upseller has no obligation to delete anonymized data that is no longer personal data.

Any claims brought under this Data Processing Agreement shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the General Terms of Services relating to the Order.

Notwithstanding the limitation of liabilities set forth herein, if a Party has, in accordance with Article 82 paragraph 4 of the GDPR, paid compensation for the damage suffered by a data subject, this Party shall be entitled to claim back from the other Party involved in the same processing that part of the compensation corresponding to the other Party’s part of responsibility for the damage in accordance with the GDPR.