Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Controller" or "Customer") and Benedict Jaros dba Ordria ("Processor") (collectively, the "Parties").

1. Definitions

"GDPR" means the General Data Protection Regulation (EU) 2016/679.

2. Scope and Responsibility

The Processor shall process personal data on behalf of the Controller solely for the purpose of providing the Ordria service. The Controller is responsible for ensuring a legal basis for processing the data of its buyers/customers.

3. Categories of Data

The processing includes the following types of personal data:

Contact information of buyers (name, email, address) provided by the Controller.
Order details and transaction history.

4. Obligations of the Processor

The Processor agrees to:

Process personal data only on documented instructions from the Controller (i.e., this Agreement and the use of the Service).
Ensure that persons authorized to process the personal data have committed themselves to confidentiality.
Take appropriate technical and organizational measures to ensure a level of security appropriate to the risk (e.g., encryption, secure passwords).
Assist the Controller in fulfilling its obligation to respond to requests for exercising the data subject's rights.

5. Sub-processors

The Controller authorizes the Processor to engage sub-processors to support the delivery of the Service. Current sub-processors include:

PayPal (Payment Processing)
Hetzner (Server Hosting)
GitHub (Frontend Hosting)

6. Data Breaches

In the event of a personal data breach, the Processor shall notify the Controller without undue delay after becoming aware of the breach.

7. Term and Termination

This DPA is valid for the duration of the Controller’s use of the Service. Upon termination of the Service, the Processor shall delete (or return, upon request) all personal data, unless required by law to retain it.

8. Contact

Data Protection Officer / Contact: hello@ordria.com