Data Processing Addendum (DPA)
Effective Date: October 2025
1. Introduction
This Data Processing Addendum (“Addendum”) supplements the Terms of Service and Privacy Policy of Martin Gardemann – Synplex (“Synplex,” “we,” “us,” or “our”) and applies to the processing of personal data of merchants (“Customer”) and their end customers through any Synplex-branded Shopify applications (“Apps”).
2. Definitions
- Agreement: Terms of Service and Privacy Policy governing Synplex Apps.
- Customer Data: Personal data provided by Customer or collected on their behalf.
- Data Protection Laws: Applicable laws regarding data protection, including GDPR.
- Processor: Synplex acting on behalf of Customer under GDPR.
- Controller: Customer, responsible for purposes and means of data processing.
- End-Customer Data: Non-identifiable order data (order number, items, quantities, warehouse) used for aggregated analytics.
- Sub-processor: Any third party engaged to assist in processing Customer Data.
3. Roles and Responsibilities
The Customer remains the Controller of all Customer Data. Synplex acts exclusively as Processor, processing Customer Data according to Customer instructions and the purposes described in this Addendum. End-Customer Data is used only to provide App functionality and aggregate analytics (sales per SKU, warehouse, day). No personally identifiable information of end customers is stored.
4. Sub-Processing
Synplex may engage sub-processors to provide hosting, analytics, and other operational services. All sub-processors are bound by GDPR-compliant agreements, and Synplex remains responsible for their compliance.
| Sub-Processor | Role in Processing | Location |
|---|---|---|
| Gadget.dev | Primary Application Hosting & Platform Operations | USA/Canada |
| Render.com | Database Infrastructure | USA |
| Vercel Inc. | Website & UI Component Hosting | USA |
| Sentry.io | Real-time Error Logging | USA |
Customers will be informed of new sub-processors via updates to the Privacy Policy or direct communication.
5. Security Measures
Synplex implements appropriate technical and organizational measures (TOMs) to protect Customer Data, including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular system monitoring and backups
- Security incident management procedures
6. Data Retention and Deletion
Customer Data will be automatically deleted upon deinstallation of the Apps. End-Customer Data is never stored in personally identifiable form. Aggregated analytics may be retained for operational purposes.
Upon termination of the Agreement or deletion requests, Synplex will promptly delete all remaining Customer Data unless otherwise legally required to retain it.
7. Data Subject Rights and Assistance
The Customer remains responsible for handling requests from their end customers regarding data subject rights.
Synplex will provide reasonable assistance to enable the Customer to respond to requests, audits, or inquiries under GDPR.
8. International Transfers
Synplex may transfer Customer Data to sub-processors or services outside the EU/EEA. Transfers are safeguarded by mechanisms such as EU Standard Contractual Clauses (SCCs) or equivalent legal frameworks.
9. Liability
Synplex shall only process Customer Data as instructed and is not liable for processing outside the scope of the Customer’s instructions. Synplex ensures sub-processor compliance but remains responsible under GDPR for acts or omissions.
10. Term
This Addendum remains in effect for the duration of the Agreement and for as long as Synplex processes Customer Data on behalf of the Customer.
Legal Entity and Brand
Legal Entity: Martin Gardemann – Synplex
Website / Brand: Synplex