This Data Processing Addendum (“DPA”) forms part of the WrapKu Terms of Service between WrapKu LLC (“WrapKu”) and the shop, business, or organization that has accepted or is otherwise bound by the Terms (“Customer”). The person accepting this DPA for Customer represents that the person has authority to bind Customer. This DPA applies only when WrapKu processes personal information on Customer’s behalf.
- Process personal information only according to Customer’s documented instructions, except where law requires otherwise.
- Ensure that people authorized to process personal information are subject to confidentiality obligations.
- Maintain reasonable administrative, technical, and organizational safeguards appropriate to the nature and risk of the information.
- Reasonably assist Customer with applicable privacy requests.
- Reasonably assist Customer with security, breach-notification, and data-protection-assessment obligations, considering the nature of processing and information available to WrapKu.
- Make information reasonably necessary to demonstrate compliance with this DPA available to Customer upon reasonable request.
- Not sell Customer personal information or use it for cross-context behavioral advertising.
- Not combine Customer personal information with personal information received from another customer except as permitted by applicable law and necessary to provide the Service.
WrapKu may create and use aggregated or deidentified information that cannot reasonably identify Customer or another individual. WrapKu will not attempt to reidentify information it treats as deidentified.
Stripe may act as an independent controller, payment processor, or service provider depending on the specific payment activity and is also governed by its own agreements and privacy practices. Stripe is not treated solely as a WrapKu subprocessor for all payment activities.