Data Processing Addendum (DPA)

Last Updated
May 12, 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service ("Agreement") between You ("Controller" or "Merchant") and LinkSyncSell ("Processor" or "LinkSyncSell").

This DPA applies where LinkSyncSell processes Personal Data on behalf of Merchant in connection with the Services.

1. DEFINITIONS

For purposes of this DPA:

1.1 "Applicable Data Protection Laws"
Means all applicable laws relating to privacy, data protection, and processing of Personal Data, including:

Regulation (EU) 2016/679 ("GDPR")
UK GDPR
Swiss data protection laws
California Consumer Privacy Act, as amended ("CCPA/CPRA")
Other applicable global privacy laws

1.2 "Personal Data"
Means information relating to an identified or identifiable natural person that LinkSyncSell processes on behalf of Merchant.

1.3 "Processing"
Has the meaning given under Applicable Data Protection Laws.

1.4 "Services"
Means the LinkSyncSell platform and other services provided under the Agreement.

2. SCOPE AND ROLES OF THE PARTIES

2.1 Roles
The parties acknowledge that:

Merchant acts as the Controller
LinkSyncSell acts solely as the Processor

LinkSyncSell shall process Personal Data:

only on documented instructions from Merchant,
as necessary to provide the Services,
and in accordance with this DPA and Applicable Data Protection Laws.

2.2 Merchant Instructions
Merchant instructs LinkSyncSell to process Personal Data as necessary to:

provide and maintain the Services,
synchronize data across connected platforms,
provide support and troubleshooting,
monitor, secure, and improve the Services,
comply with applicable law.

Merchant's use of the Services constitutes documented instructions.

3. NATURE AND PURPOSE OF PROCESSING

LinkSyncSell processes Personal Data for the following purposes:

synchronizing product, pricing, inventory, and order information;
integrating with ecommerce marketplaces and third-party platforms;
providing analytics and operational reporting;
maintaining platform security and reliability;
providing technical support;
detecting and preventing fraud, abuse, and security incidents;
providing the Services.

4. TYPES OF PERSONAL DATA AND DATA SUBJECTS

4.1 Categories of Data Subjects
May include:

Merchant customers
Merchant employees
Merchant representatives
End users of Merchant storefronts

4.2 Categories of Personal Data
May include:

names
email addresses
phone numbers
shipping and billing information
order and transaction data
product and inventory information
IP addresses
device and usage data

LinkSyncSell does not intentionally process special categories of personal data unless explicitly authorized by Merchant.

5. MERCHANT RESPONSIBILITIES

Merchant represents and warrants that:

it has all necessary rights, consents, and lawful bases to disclose Personal Data to LinkSyncSell;
it complies with Applicable Data Protection Laws;
its instructions to LinkSyncSell are lawful;
it has provided all required notices to data subjects.

Merchant is solely responsible for:

its relationship with data subjects;
responding to data subject requests, except as otherwise required under this DPA.

6. CONFIDENTIALITY

LinkSyncSell shall ensure that persons authorized to process Personal Data:

are subject to confidentiality obligations; or
are under an appropriate statutory or other legal obligation of confidentiality.

7. SECURITY MEASURES

7.1 Security Program
LinkSyncSell shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against:

unauthorized or unlawful processing;
accidental loss;
destruction;
damage;
alteration;
disclosure.

Such measures may include:

access controls;
authentication mechanisms;
encryption where appropriate;
network and infrastructure security;
logging and monitoring;
vulnerability management;
incident response procedures.

8. SUBPROCESSORS

8.1 General Authorization
Merchant grants LinkSyncSell general authorization to engage subprocessors.

8.2 Subprocessor Obligations
LinkSyncSell shall:

impose data protection obligations on subprocessors that are substantially similar to those set forth in this DPA;
remain responsible for the performance of its subprocessors.

Subprocessors may include:

cloud infrastructure providers;
hosting providers;
analytics providers;
customer support vendors;
integration and communications providers.

9. INTERNATIONAL DATA TRANSFERS

LinkSyncSell may transfer Personal Data internationally as necessary to provide the Services.

Where required under Applicable Data Protection Laws, such transfers shall be subject to:

Standard Contractual Clauses approved by the European Commission;
the UK International Data Transfer Addendum;
or another lawful transfer mechanism.

10. ASSISTANCE WITH DATA SUBJECT REQUESTS

Taking into account the nature of processing, LinkSyncSell shall provide reasonable assistance to Merchant in responding to requests from data subjects, including requests relating to:

access;
deletion;
correction;
restriction;
portability;
objection.

Merchant remains responsible for:

verifying the identity of requestors;
responding to data subjects.

11. SECURITY INCIDENTS

11.1 Notification
LinkSyncSell shall notify Merchant without undue delay after becoming aware of a confirmed Personal Data breach affecting Merchant Personal Data.

11.2 Cooperation
LinkSyncSell shall provide reasonable information available to it to assist Merchant in meeting breach notification obligations.

12. COMPLIANCE ASSISTANCE

Taking into account the nature of processing and information available to LinkSyncSell, LinkSyncSell shall provide reasonable assistance to Merchant with obligations relating to:

security of processing;
breach notifications;
data protection impact assessments;
consultations with supervisory authorities.

13. DELETION AND RETURN OF DATA

Upon termination of the Services, LinkSyncSell shall, upon Merchant's request:

delete; or
return

Personal Data, unless retention is required by law or necessary for legitimate business recordkeeping, security, or dispute resolution purposes.

14. AUDIT RIGHTS

14.1 Audit Requests
Merchant may request reasonable information necessary to demonstrate LinkSyncSell's compliance with this DPA.

14.2 Audit Limitations
To the extent an audit is required:

audits must be reasonable in scope;
conducted no more than once annually unless legally required;
conducted during normal business hours;
not unreasonably interfere with LinkSyncSell's operations;
be subject to appropriate confidentiality obligations.

LinkSyncSell may satisfy audit obligations through:

security documentation;
certifications;
third-party audit reports;
questionnaires.

Merchant shall bear audit costs unless a material compliance violation is identified.

15. CCPA / CPRA TERMS

To the extent applicable under California law:

LinkSyncSell acts as a "Service Provider" and/or "Contractor."
LinkSyncSell shall not:
- sell Personal Data;
- share Personal Data for cross-context behavioral advertising;
- retain, use, or disclose Personal Data outside the business relationship with Merchant except as permitted by law.

LinkSyncSell may use Personal Data for:

providing and improving the Services;
internal operations;
security and fraud prevention;
legal compliance.

16. LIABILITY

The liability of each party under this DPA shall be subject to the exclusions and limitations of liability set forth in the Agreement.

17. ORDER OF PRECEDENCE

In the event of conflict between:

this DPA; and
the Agreement,

this DPA shall control with respect to data protection matters.

18. TERM

This DPA remains in effect for as long as LinkSyncSell processes Personal Data on behalf of Merchant.

19. GOVERNING LAW

This DPA shall be governed by the governing law specified in the Agreement.