Data Processing Agreement

GDPR-compliant data processing for Hello Retail services

Last updated: January 2024

1. Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between Hello Retail A/S ("Hello Retail", "we", "us") and the customer ("Customer", "you") for the provision of Hello Retail's personalization services.

This DPA reflects the parties' agreement with respect to the processing of personal data by Hello Retail on behalf of the Customer in accordance with the requirements of Data Protection Laws, including the EU General Data Protection Regulation 2016/679 ("GDPR").

2. Definitions

  • "Data Protection Laws" means all applicable laws relating to the processing of personal data, including the GDPR and any national implementing legislation.
  • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Hello Retail on behalf of the Customer.
  • "Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • "Sub-processor" means any third party engaged by Hello Retail to process Personal Data on behalf of the Customer.

3. Scope of Processing

3.1 Subject Matter

Hello Retail processes Personal Data to provide personalization services, including product recommendations, search functionality, and behavioral analytics for ecommerce websites.

3.2 Duration

Hello Retail will process Personal Data for the duration of the service agreement, plus any retention period required by law or agreed upon in writing.

3.3 Categories of Data Subjects

The Personal Data processed relates to the following categories of data subjects:

  • Visitors to the Customer's website
  • Customers of the Customer's ecommerce store

3.4 Types of Personal Data

The types of Personal Data processed may include:

  • Browsing behavior (pages viewed, products viewed, search queries)
  • Purchase history
  • Device information (browser type, device type)
  • IP addresses (anonymized)
  • Email addresses (when provided for email personalization services)

4. Obligations of Hello Retail

4.1 Processing Instructions

Hello Retail will only process Personal Data in accordance with the Customer's documented instructions, unless required by applicable law.

4.2 Confidentiality

Hello Retail ensures that all personnel authorized to process Personal Data have committed to confidentiality obligations.

4.3 Security Measures

Hello Retail implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and testing
  • Incident response procedures
  • Employee security training

4.4 Sub-processors

Hello Retail may engage Sub-processors to process Personal Data. A current list of Sub-processors is available upon request. Hello Retail will:

  • Ensure Sub-processors are bound by written agreements with data protection obligations
  • Notify the Customer of any intended changes to Sub-processors
  • Remain liable for the acts and omissions of its Sub-processors

4.5 Data Subject Rights

Hello Retail will assist the Customer in responding to requests from data subjects exercising their rights under Data Protection Laws, including rights of access, rectification, erasure, and portability.

4.6 Data Breach Notification

Hello Retail will notify the Customer without undue delay upon becoming aware of any Personal Data breach affecting the Customer's data.

5. Data Transfers

Hello Retail primarily processes Personal Data within the European Economic Area (EEA). Where Personal Data is transferred outside the EEA, Hello Retail ensures appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other valid transfer mechanisms under GDPR

6. Data Retention and Deletion

Upon termination of the service agreement or upon request, Hello Retail will delete or return all Personal Data to the Customer, unless retention is required by applicable law.

7. Audit Rights

Hello Retail will make available to the Customer information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by the Customer or an auditor mandated by the Customer.

8. Contact Information

For questions about this DPA or our data processing practices, please contact:

Hello Retail A/S
Strandvejen 60
2900 Hellerup
Denmark

Email: privacy@helloretail.com

9. Amendments

Hello Retail may update this DPA from time to time to reflect changes in our practices or applicable laws. We will notify customers of any material changes.

Need a signed DPA?

If you require a signed copy of our Data Processing Agreement, please contact your Customer Success Manager or reach out to our team.
