This Data Processing Addendum ("DPA") applies to data processing activities performed by Shanghai Huanchuangyu Technology Co., Ltd. ("we", "us") when delivering the Jilian Overseas Warehouse Management System and related services. This DPA supplements the main commercial agreement between the parties.
1. Roles and Definitions
In most cases, the customer acts as the data controller and we act as the data processor, processing data only under documented customer instructions. For Amazon SP-API data, both parties must also comply with Amazon Developer Program policies and applicable laws.
2. Processing Purposes and Scope
- Order synchronization, inventory synchronization, shipment confirmation, after-sales support, and reporting;
- Warehouse operations, fulfillment tracking, access governance, and system maintenance;
- Processing Amazon SP-API and related business data only within authorized scope.
3. Data Subjects and Data Types
Data subjects may include store operators, recipients/contacts, and customer personnel. Data may include order details, product data, inventory data, PII (name/address/phone/email), and required operational logs.
4. Customer Responsibilities
- Maintain a lawful basis and required authorization for data processing;
- Secure Amazon credentials, API keys, tokens, and account permissions;
- Notify us of authorization revocation, scope changes, or special compliance constraints.
5. Our Processing Commitments
- Process data only for contractual purposes and documented instructions;
- Do not sell customer/Amazon data or use it for unrelated advertising/marketing;
- Apply confidentiality obligations and controlled access for authorized personnel.
6. Security Measures
- Encrypted transport for platform and Amazon API communications (HTTPS/TLS);
- Least-privilege access, role separation, and audit logging;
- Data protection controls such as masking, encryption, and restricted access where needed;
- Backup, recovery, and baseline security management processes.
7. Subprocessors
Where entrusted processing components are used, we require confidentiality and security obligations aligned with this DPA and provide reasonable transparency based on the deployment model.
8. Cross-Border Transfer and Storage Location
Data location depends on the deployment model (SaaS or private deployment) and customer selection. If cross-border transfer applies, the parties implement contractual and legal safeguards as required by applicable law.
9. Incident Response and Notification
For suspected incidents, we activate response procedures for containment, investigation, remediation, and recovery; customer notification and cooperation are provided within legal and contractual requirements.
10. Assistance with Data Subject Requests
Upon customer instruction, we provide reasonable assistance for access, correction, deletion, export, and other lawful request workflows.
11. Retention, Return, and Deletion
Unless law requires otherwise, upon termination or authorization withdrawal we support data export and then execute deletion or anonymization based on agreed timelines, including backup lifecycle handling.
12. Audit Support
Without compromising other tenants or confidential information, we may provide security descriptions, compliance questionnaires, and summary evidence to support customer Amazon PII review and internal audits.
13. Priority and Contact
If this DPA conflicts with the main agreement on data protection topics, this DPA governs those topics. Contact: support@hcytechsoft.com