EcoTraceITITEN

Data Processing Addendum (DPA)

This addendum supplements the Terms and governs processing on the merchant’s behalf under GDPR Article 28.

Last updated: 13 July 2026

Privacy policyTerms of serviceData Processing Addendum (DPA)SubprocessorsSecurity and incident responseEcoTraceIT support

Subject and duration

EcoTraceIT processes technical order data and minimised destinations solely to provide the service, for the installation term and the time needed for deletion, security and legal duties.

Instructions and confidentiality

We process data only on documented merchant and Shopify instructions unless law requires otherwise. Access is restricted to authorised persons under confidentiality duties.

Measures and assistance

We use minimisation, TLS, at-rest protection, managed secrets, access separation, technical logging, patching and incident procedures. We assist with data-subject rights, assessments, breaches and authority requests.

Subprocessors

The merchant authorises the providers listed on the Subprocessors page. We will communicate material changes, and merchants may object for documented data-protection reasons.

Deletion and audits

On termination we delete or return data under merchant instructions and Shopify webhooks unless law requires retention. We provide reasonable compliance information and support agreed audits.

© 2026 EcoTraceIT · servizi alle PMI · mikforlani@gmail.com