Our privacy and the protection of your data are very important to us. You acknowledge that you have received, read in full and agree with the terms of our Privacy Policy which is hereby incorporated into this Agreement. Our Privacy Policy contains important information about the collection, use, retention and disclosure of personal information as well as other important matters and explains how and for what purposes we collect, use, retain, disclose and safeguard the information you provide to us. You also acknowledge that the Processor is required to report your business name and the name of your principals to the Member Alert To Control High-Risk merchants list of MasterCard (“MATCH List”) maintained by MasterCard and accessed and updated by American Express, VMAS database upheld by Visa Europe or to the Consortium Merchant Negative File maintained by Discover, if applicable, pursuant to the requirements of the Payment Network Rules

We will at all times comply with the provisions of applicable data protection law. If we process any personal data on your behalf when performing our obligations under this Agreement, we and you both agree that it is our intention that you shall be the data controller and we shall be the data processor in relation to that data. We shall process the personal data only in accordance with the terms of this Agreement and any lawful instructions reasonably given by you to us from time to time.

We will notify you (within a reasonable time frame) if we receive a request from a person to have access to that person’s personal data, a complaint or request relating to your obligations under applicable data protection legislation, or any other communication relating directly to the processing of any personal data in connection with this Agreement.

We will provide you with reasonable co-operation and assistance in relation to any complaint or request made in respect of any personal data processed by us on your behalf, including by providing you with details of the complaint or request, complying with any data subject access requests (within the relevant timescales set out in applicable data protection legislation) and providing you with any personal data we hold in relation to a person making a complaint or request (again, within a reasonable timescale).

You acknowledge that we are relying on you for direction as to the extent to which we are entitled to use and process the personal data you provide us with. Consequently, we will not be liable for any claim brought by a data subject arising from any action or omission by us, to the extent that such action or omission resulted from your instructions.

We will not transmit your personal information outside the European Economic Area (“EEA”) without your prior written consent except where it is transmitted to and processed on computer servers in the U.S. where such computer servers are managed and controlled by an entity that is U.S. “Safe Harbour” certified or in jurisdictions otherwise in compliance with applicable EEA data protection legislation.

You consent to the exchange of your information between the account you have established through the Shopify Services and that established under this Agreement; Shopify will comingle such accounts and refers to them, together, in this Agreement as the Shopify Payments Account.

In order to process, use, record and disclose your personal information, information related to your business and Data, we or our agents may transfer such information to and receive it from Processor, its acquiring bank or their respective agents.