Payemoji Data Processing Addendum
Last updated: July 25th, 2024
1. DEFINITIONS
1.1 “Customer” means a business that has purchased the Services and is party to the Agreement.
1.2 “Customer Data” means all data or information submitted by or on behalf of the Customer to the Service.
1.3 “Data Protection Legislation” means law, regulations and guidance from time to time relating to data protection and rights of privacy, including the Data Protection Act 2018, the UK General Data Protection Regulation (Reg. 2016/679)(“UK GDPR”), General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 and all other national law in the relevant jurisdiction and any and all supplementary or replacement law relating to any of the foregoing.
1.4 “Data Processor”, “Data Controller”, “Data Subject”, “Subprocessor”, “Processing”, and “Supervisory Authority” shall be interpreted in accordance with the GDPR;
1.5 “GDPR” means General Data Protection Regulation, a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area.
1.6 “Personal Data” as used in this Addendum means information that relates to, or could reasonably be linked with, to an identifiable or identified Data Subject who visits or engages in transactions through your eCommerce store (a “Customer”), or information which relates to, or could reasonably be linked with you, which Payemoji processes as a Data Processor or Service Provider while providing you with our Services.
1.7 “Data Subject Request” as used in this Addendum means a request for access, erasure, rectification, or portability of your or your Customer’s Personal Data;
1.8 “End Users” means a person who receives or makes use of the Services provided by the Customer.
1.9 "Services" means the conversational commerce services provided by Payemoji. and
1.8 All other capitalized terms in this Addendum shall have the same definition as in the Agreement.
2. DATA PROTECTION
2.1 For purposes of this Addendum, Payemoji is a Data Processor that processes certain Personal Data on behalf of Customer, who is the Data Controller. Under Data Protection and Privacy Legislation, the term Data Controller is defined as the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of personal data, and the term Data Processor is defined as a natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.
2.2 Payemoji shall comply with all Data Protection and Privacy Legislation applicable to its processing of Personal Data. This Agreement also forms a Data Protection Agreement between the Customer, the controller, and Payemoji, the processor as required by Article 28 of the GDPR.
2.3 Customer Responsibilities. Customer’s instructions to Payemoji for the processing of Personal Data shall comply with all applicable Data Protection and Privacy Legislation. The Customer will have sole responsibility for the accuracy, quality, and legality of Personal Data and how the Customer acquired Personal Data. The Customer shall ensure that it is entitled to transfer the Personal Data to the Payemoji so that the Payemoji may lawfully process the Personal Data in accordance with this Agreement on Customer’s behalf.
2.4 When Payemoji Processes Personal Data in the course of providing the Services, Payemoji will:
2.4.1 Process the Personal Data as a Data Processor and/or Service Provider, only for the purpose of providing the Services;
2.4.2 Payemoji will ensure that appropriate measures shall be taken against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of Personal Data.
2.4.3 Payemoji ensures that any person(s) or any sub-processor(s) processing Personal Data is subject to a duty of confidentiality and complies with the Data Protection and Privacy Legislation.
2.4.4 Payemoji shall obtain consent from the Customer before engaging a sub-processor, and such consent cannot be unreasonably withheld or delayed by the Customer.
2.4.5 Payemoji shall be responsible for any Subprocessors compliance with the requirements of this Agreement.
2.4.6 Payemoji ensures that only those personnel have an explicit business purpose in processing live data shall have access to it. For the avoidance of doubt, Payemoji will ensure that all Customer data is processed within the European Union.
2.4.7 Payemoji cannot guarantee that your Personal Data is secure when it is sent or transferred by unsecured means.
2.4.8 Payemoji is required to make use of data (which may include Personal Data) sent from End-Users to perform the service(s) under this Agreement.
2.4.9 Payemoji shall promptly refer all Data Subject Requests, enquiries and complaints to the Customer, and assist the Customer with fulfilling its obligations to respond to any request, enquiry, or complaint.
2.4.10 Payemoji shall promptly refer any correspondence or communication from a Regulator regarding processing Personal Data or either party’s compliance with the Data Protection and Privacy Legislation.
2.4.11 Payemoji shall promptly inform the Customer of any breach of Personal Data, and assist the Customer to comply with its obligations under the applicable Data Protection and Privacy Legislation in handling a breach.
2.4.12 Payemoji shall have adequate measures are implemented to maintain the accessibility, availability, integrity, confidentiality, privacy and safety of any Personal Data.
2.4.13 Payemoji will assist the Customer to comply with Data Protection and Privacy Legislation.
2.5 Data Retention. On the completion of a Customer contract or on the data controller’s instruction, Payemoji will delete or return the Personal Data received from the controller, in line with the Payemoji’s Data Retention Policy. Payemoji will make available to the Controller all information necessary to demonstrate compliance with Article 28 of the GDPR. Please see our privacy policy for more information on our Data Retention polices.
2.6 Use of Personal Data. Payemoji may collect and process Personal Data in relation to the Service, for example.
2.6.1 Each Account will require a business name, business address and in case of WhatsApp will require Meta (Facebook) business manager identification to setup the Service.
2.6.2 Customer admin portal requires an email address to receive alerts and updates from the service.
2.6.3 End-User’s that use the service, will have their phone number, time, date, and conversations with the Service recorded.
2.6.4 Payemoji may disclose such data, which may include Personal Data to a court or law enforcement, Customer shall be consulted a minimum of three business days in advance of such disclosure.
2.6.5 Unless otherwise agreed, in no event shall Payemoji be liable for costs in a breach of Personal Data.
3. MISCELLANEOUS
3.1 In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail.
3.2 For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement.
3.3 You acknowledge and agree that Payemoji may amend this Addendum from time to time by posting the amended and restated Addendum here and such amendments to the Addendum are effective as of the date of posting.
3.4 Your continued use of the Services after the amended Addendum is posted to Payemoji’s website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, you may terminate this agreement in accordance with our Terms of Service.
3.5 Unless specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum.
3.6 If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.
3.7 The terms of this Addendum shall be governed by and interpreted in accordance with the laws of the Ireland, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the Ireland with respect to any dispute or claim arising out of or in connection with this Addendum.