2. Who is PDQ?
PDQ is a platform enabling the fulfillment and shipping order process for its customers (the “Services”)
3. Which Information may PDQ process?
During and as part of the use of PDQ Services, PDQ processes various personal data information related to the customer (i.e., information regarding the persons who are the recipients of the shipped orders). This Section 3 concerns the relationship between the customer, as the Data Controller, and PDQ, as the Data Processor, in connection with the applicable personal data regulations.
It is hereby acknowledged by the customer that PDQ, as part of the customer subscription to PDQ Services, has access, on behalf of the customer, the Data Controller, to process (i) the name and address of the recipient of the consignments, (ii) information regarding the individual type of item shipping and the value/price of such item. In addition, as part of the Services, PDQ stores the processed information, and similarly the customer may exchange information with applicable third parties in the form of delivery companies that the customer uses, and possibly with the customs authorities (if the consignments are cross-border).
4. How do PDQ collect Personal Data Information?
4.1. PDQ collect information via customer entry, connection, access and/or use of the Services. In other words, when customer access or use the Services, PDQ are aware of customer usage of the Services, and may gather, collect and record the information related to such usage. For example, when customer use the Services, PDQ collect your IP address and other online identifiers.
4.2. PDQ collect information which customer provide PDQ voluntarily. For example, PDQ collect personal data information that customer provides via the Services, such as the details provided when opening an account to use the Services.
4.3. PDQ collect information provided by PDQ via the Services as part of the Customer Content. Personal data Information may be provided to PDQ as part of any customer content uploaded in the context of customer use of the Services (e.g., personal data information included in the testing environment, where a test is being conducted).
5. What are the Purposes of the Collection and Processing of Personal Data Information?
5.1. in order to manage the customer’s fulfillment and shipping process.
5.2. PDQ may only process personal data information to the extent necessary and permitted by applicable law for the operation of the Services and/or otherwise if so required by law.
5.3. It is hereby acknowledged by the customer that delivery companies to which the customer’s personal data is disclosed during the Services are the customer’s data processors, and not PDQ’s data processors. PDQ has only an intermediary function in this regard.
6.1. PDQ is allowed to process the personal data information in accordance with the instructions of the customer, i.e., the instructions set forth in PDQ’s solution pursuant to which. PDQ shall manage the fulfillment and shipping process for the customer.
6.2. PDQ is required to comply with the currently applicable privacy laws and shall notify the customer immediately if an instruction from the customer is, in PDQ’s opinion, contrary to the General Data Protection Regulation (the “GDPR”).
6.3. PDQ shall use appropriate security measures to ensure that the personal data is processed is not lost, degraded, destroyed or disclosed to unauthorized bodies, misused, or otherwise processed in breach of privacy legislation, and therefore PDQ will implement the security measures in accordance with Article 32 of the GDPR. PDQ shall, upon Customer’s request, provide the customer with reasonable, but sufficient information to ensure that PDQ has taken the necessary security measures. TO THE EXTENT THAT PDQ IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, PDQ SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION INCLUDED IN THE PERSONAL DATA INFORMATION.
6.4. PDQ shall ensure that the individuals who will process the personal data information on behalf of PDQ will commit themselves to confidentiality obligations or are bound by an appropriate statutory professional secrecy obligation.
6.5. In accordance with Article 28 of the GDPR, PDQ shall allow, and shall contribute to audits, including inspections carried by the customer (or on the customer’s behalf). It is hereby acknowledged by the customer that the customer shall bear all expenses occurred in such process. PDQ will provide all necessary information in order to demonstrate that PDQ complies with such Article 28.
6.6. PDQ shall promptly inform the customer in the occurrence of data breach with respect to: (i) the nature of such data breach, (ii) if applicable, the type and number of affected data subjects, as well as the type of personal data concerned and the number of records of personal data concerned, (iii) the measures taken and/or proposes to be taken by PDQ in order to deal with such data breach, including, without limitation, measures to limit PDQ’s potential adverse effects, and (iv) the probable consequences of such data breach.
6.7. If a data subject request from PDQ for access into data subject’s personal data, then PDQ shall immediately deliver such request to the customer. PDQ will assist the customer with the fulfillment of the customer’s obligations to respond the data subject’s requests to exercise its rights as set forth in Chapter III of the GDPR.
7. Sharing Personal Data with Third Parties.
7.1. PDQ shall not transfer personal data information to countries which the EU Commission has not assessed as safe countries.
7.2. PDQ is entitled to disclose personal data information to the customer’s other data processors (delivery companies), and PDQ is entitled to exchange personal data information with the customs authorities.
7.3. In all other cases, PDQ may only disclose or transfer personal data information to third parties or sub-processors with the prior agreement with the customer. To the contrary, the customer may disclose or transfer personal data information without PDQ’s instructions, to the extent permitted by law.
7.4. PDQ shall notify the customer if PDQ has plans to extend its circle of sub-processors and/or to replace existing sub-processors.
8. Location of the Customers’ Personal Data Information
8.3. THE CUSTOMER, BY SUBMITTING ITS PERSONAL DATA INFORMATION, THROUGH THE SERVICES, ACKNOWLEDGE, AND AGREE, IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL DATA INFORMATION.
9.2. Further, in the event of termination, PDQ shall delete any backups and other copies of personal data originating from the customer.