This Data Processing Agreement (DPA) applies where Plaza Store processes personal data on behalf of you, the data controller.
1. Definitions
Controller: the customer (you). Processor: Plaza Store. Personal Data: any information relating to an identified or identifiable person processed in connection with the service.
2. Processing Instructions
Plaza Store processes personal data only on documented instructions from the controller. These instructions are defined by your configuration of the service.
3. Sub-processors
We use sub-processors for hosting (Contabo), payments (Stripe/PayTabs), email (Postmark), and analytics (self-hosted). A full list is available on request. You are notified of new sub-processors 30 days in advance.
4. Security Measures
We implement technical and organisational measures including encryption at rest and in transit, access controls, audit logging, and isolated tenant databases.
5. Data Subject Rights
We assist you in responding to data subject requests (access, rectification, erasure, portability) within 72 hours of your request.
6. Breach Notification
We will notify you of a personal data breach within 72 hours of becoming aware of it, to the extent practicable.
7. Data Transfers
Data is stored in the EU (Frankfurt) by default. Egyptian and Saudi data residency is available for Enterprise. Transfers to third countries are covered by Standard Contractual Clauses.
Questions about this document? Contact our legal team