Last Updated: September 18, 2025
This Data Processing Addendum (“DPA”) forms part of the WISMOlabs SaaS Terms of Service and applies whenever WISMO Inc. (“WISMO”) processes Personal Data on behalf of a merchant client (“Client”) while providing post-purchase experience services.
1. Roles
- Client is the data controller (or “business” under the CCPA).
- WISMO is the data processor (or “service provider”).
2. Scope of Processing
- Purpose: order tracking, delivery notifications, and returns management.
- Data subjects: Client’s customers.
- Personal Data: name, email, phone number, postal/zip code, and related order-tracking details, only as needed to provide the Services.
3. Legal Compliance
WISMO will:
- Process Personal Data solely on Client instructions and for no other purpose.
- Comply with all applicable privacy laws, including GDPR, UK GDPR, CCPA, and other relevant regional laws.
- Maintain appropriate technical and organizational security measures.
4. Sub-processors
WISMO may use trusted sub-processors (e.g., Google Cloud, Amazon SES, Plivo) to deliver the Services and remains responsible for their actions. An up-to-date list is available on request.
5. Data Subject Rights & Assistance
WISMO will assist Client in responding to privacy-rights requests (access, deletion, correction, portability, etc.) as required by applicable law.
6. Data Transfers
WISMO may transfer Personal Data outside the EEA/UK in compliance with GDPR and, where required, will use EU Standard Contractual Clauses or other approved transfer mechanisms.
7. Security & Breach Notice
WISMO maintains administrative, technical, and physical safeguards appropriate to the risk and will notify Client without undue delay of any confirmed personal-data breach.
8. Return or Deletion
Upon termination of Services or Client request, WISMO will securely delete or return all Personal Data unless retention is required by law.
Contact:
Data Protection Officer
Mail: WISMO Inc., 2 King St W, Suite 7/200, Hamilton, Ontario L8P 4S0, Canada