Skip to main content

    LimeSpot Data Processing Agreement

    Last Updated: May 10, 2024

    This Data Processing Agreement ("DPA") forms part of the agreement between LimeSpot Solutions Inc. ("LimeSpot", "we", "us", or "our") and the Client ("you" or "Client") for the provision of LimeSpot services. This DPA sets out the terms governing the processing of personal data by LimeSpot on behalf of the Client.

    1. Definitions

    "Personal Data" means any information relating to an identified or identifiable natural person that is processed by LimeSpot in connection with providing services to the Client.

    "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.

    "Data Controller" means the Client, who determines the purposes and means of processing Personal Data.

    "Data Processor" means LimeSpot, who processes Personal Data on behalf of the Data Controller.

    "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.

    "Sub-processor" means any third party engaged by LimeSpot to process Personal Data on behalf of the Client.

    2. Scope and Purpose

    LimeSpot processes Personal Data solely to provide personalization and recommendation services to the Client. The types of Personal Data processed may include:

    • Shopper browsing behavior and product interactions
    • Purchase history and order information
    • Email addresses (for personalization purposes)
    • Device and browser information
    • Geographic location data

    3. Client Obligations

    The Client agrees to:

    • Ensure lawful collection and processing of Personal Data
    • Obtain necessary consents from Data Subjects
    • Provide appropriate privacy notices to Data Subjects
    • Notify LimeSpot of any changes affecting data processing
    • Respond to Data Subject requests in a timely manner

    4. LimeSpot Obligations

    LimeSpot agrees to:

    • Process Personal Data only on documented instructions from the Client
    • Ensure personnel are bound by confidentiality obligations
    • Implement appropriate technical and organizational security measures
    • Assist the Client in responding to Data Subject requests
    • Delete or return Personal Data upon termination of services
    • Make available information necessary to demonstrate compliance

    5. Data Subject Rights

    LimeSpot will assist the Client in fulfilling obligations to respond to Data Subject requests, including requests for:

    • Access to Personal Data
    • Rectification of inaccurate data
    • Erasure of Personal Data
    • Restriction of processing
    • Data portability
    • Objection to processing

    Data Subjects may contact LimeSpot's Data Protection Officer at [email protected] for any inquiries.

    6. Sub-processors

    LimeSpot may engage Sub-processors to assist in providing services. LimeSpot maintains a list of current Sub-processors and will notify the Client of any intended changes. Sub-processors are bound by data protection obligations substantially similar to those in this DPA.

    Current Sub-processors include:

    • Microsoft Azure (cloud infrastructure and data storage)
    • Analytics and monitoring service providers

    7. Security Measures

    LimeSpot implements appropriate technical and organizational measures, including:

    • Encryption of Personal Data in transit and at rest
    • Access controls and authentication mechanisms
    • Regular security assessments and audits
    • Incident response and breach notification procedures
    • Employee training on data protection

    8. Data Breach Notification

    In the event of a Personal Data breach, LimeSpot will notify the Client without undue delay and provide information about the nature of the breach, categories of data affected, and measures taken to address it.

    9. International Data Transfers

    Personal Data may be transferred to and processed in the United States, Canada, or Europe. LimeSpot ensures appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

    10. Data Retention

    LimeSpot retains Personal Data only for as long as necessary to provide services or as required by law. Upon termination of services, LimeSpot will delete or return Personal Data within 90 days unless retention is required by law.

    11. Audit Rights

    Upon reasonable request and subject to confidentiality obligations, LimeSpot will make available information necessary to demonstrate compliance with this DPA and allow for audits conducted by the Client or an appointed auditor.

    12. Contact Information

    For questions about this DPA or data protection practices:

    Data Protection Officer: [email protected]

    Legal inquiries: [email protected]

    Related Documents: Privacy Policy | Terms of Service | GDPR and LimeSpot