Data Processing Agreement

Last Updated: January 6, 2025

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service between ReportZapp (“Processor”, “we”, “us”) and the customer entity (“Customer”, “Controller”) governing the processing of Personal Data in connection with the use of the ReportZapp platform.

This Agreement is intended to satisfy applicable data protection laws, including the GDPR and Amazon Selling Partner API (SP-API) Data Protection requirements.

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person processed under this Agreement.
  • “Customer Personal Data” means Personal Data processed by ReportZapp on behalf of the Customer.
  • “Amazon SP-API Data” means data accessed via the Amazon Selling Partner API, including order, shipment, buyer, or related data.
  • “Processing” has the meaning given under applicable data protection laws.

2. Roles of the Parties

The Customer is the data controller of Customer Personal Data.

ReportZapp acts as a data processor and processes Personal Data solely on documented instructions from the Customer, including as required to provide the services.

3. Scope and Purpose of Processing

ReportZapp processes Customer Personal Data only for:

  • Providing analytics, reporting, and operational insights requested by the Customer
  • Supporting Amazon Seller Central and SP-API–based functionality
  • Fulfilling contractual obligations under the applicable service agreement

Amazon SP-API Data

Where the Customer authorizes ReportZapp to access data via the Amazon Selling Partner API (SP-API), such data shall be treated as Customer Personal Data and processed solely in accordance with the Customer’s instructions and this Agreement.

ReportZapp shall not use Amazon SP-API data for advertising, profiling, resale, or any secondary purpose.

4. Processing Instructions

ReportZapp shall process Customer Personal Data only:

  • In accordance with this Agreement
  • As necessary to provide the services
  • As required by applicable law (with notice to the Customer where legally permitted)

5. Confidentiality

ReportZapp ensures that all personnel authorized to process Customer Personal Data are bound by confidentiality obligations and receive appropriate data protection training.

6. Security Measures

ReportZapp implements appropriate technical and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

Security measures include, but are not limited to:

  • Role-based access controls
  • Encrypted data transmission where applicable
  • Secure cloud infrastructure
  • Monitoring and access logging

7. Logging and PII Handling

Operational and security logs are designed to exclude Personal Data wherever possible. Personally Identifiable Information (PII) is not intentionally stored in application or system logs.

 

8. Sub-Processors

ReportZapp may engage sub-processors to assist in providing the services, including cloud hosting, infrastructure, monitoring, and communication providers.

All sub-processors are contractually bound by data protection obligations consistent with this Agreement. A list of sub-processors is available upon request.

9. Data Retention and Deletion

Customer Personal Data shall be retained only for the duration necessary to provide the services or as required by law.

Upon termination of the services or at the Customer’s request, ReportZapp shall delete or return Customer Personal Data in accordance with documented retention policies and applicable legal requirements.

10. Data Subject Rights

ReportZapp shall reasonably assist the Customer in fulfilling requests from data subjects to exercise their rights under applicable data protection laws, including access, correction, and deletion requests.

11. Personal Data Breach Notification

ReportZapp shall notify the Customer without undue delay upon becoming aware of a Personal Data breach affecting Customer Personal Data, including Amazon SP-API data.

12. Cross-Border Data Transfers

Customer Personal Data may be processed in regions where ReportZapp or its sub-processors operate, subject to appropriate contractual safeguards and compliance with applicable data protection laws.

13. Audits and Compliance

Upon reasonable request, ReportZapp shall make available information necessary to demonstrate compliance with this Agreement and applicable data protection obligations.

14. Precedence

In the event of any conflict between this Agreement and the Terms of Service, this Data Processing Agreement shall prevail with respect to data protection obligations.

15. Contact Information

For data protection inquiries, please contact:

📩 For inquiries, contact email: hello@reportzapp.com

This DPA should be read alongside our  Privacy Policy and  Cookie Policy, which together form our full data protection framework.