Last updated: [DATE]
1. Purpose
This Data Processing Addendum ("DPA") forms part of the agreement between Parcelmind ("Processor") and the customer ("Controller") and describes how Parcelmind processes personal data — including customer names, addresses, and phone numbers — on the Controller's behalf while providing shipping automation services.
2. Definitions
Terms such as "personal data," "processing," "controller," and "processor" have the meanings given under applicable data protection law (e.g. GDPR, India's DPDP Act, or other relevant regulation). [Confirm applicable law with counsel.]
3. Roles of the parties
The Controller determines the purposes and means of processing customer order and shipment data. Parcelmind acts as a Processor, processing that data only as necessary to provide the shipping automation platform and on the Controller's documented instructions.
4. Scope and nature of processing
- Categories of data: customer name, delivery address, phone number, order details.
- Purpose: order fulfillment, courier allocation, shipment tracking, delivery notifications, and NDR/returns management.
- Duration: for the term of the underlying service agreement, plus any legally required retention period.
5. Sub-processors
Parcelmind may engage sub-processors — including courier partners and SMS/WhatsApp/email delivery providers — to perform processing activities on its behalf. [Insert your current sub-processor list.] Parcelmind remains responsible for sub-processor compliance with this DPA.
6. Security measures
Parcelmind implements technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, and regular security review, as outlined in our Privacy Policy.
7. Data subject rights
Parcelmind will assist the Controller in responding to data subject requests (access, correction, deletion) to the extent required by applicable law and technically feasible within the platform.
8. International data transfers
Where personal data is transferred across borders, Parcelmind will apply appropriate safeguards as required by applicable law. [Specify transfer mechanism, e.g. Standard Contractual Clauses, if relevant.]
9. Audit rights
The Controller may request reasonable information demonstrating Parcelmind's compliance with this DPA, subject to confidentiality obligations. [Define audit scope/frequency with counsel.]
10. Term and termination
This DPA remains in effect for as long as Parcelmind processes personal data on the Controller's behalf under the underlying service agreement.
11. Contact us
Questions about this DPA can be sent to hello@parcelmind.com.