Privacy Policy Last Updated: November, 2024

Overview
‍
This data processing agreement (“DPA”), including the annex below, is part of our Terms, Purchase Terms and General Use Term, also referred to as ‘Subscription Services Agreement’ has and applies only to the extent stated within them (see the Privacy and data use section).

This DPA is supplemental to, and forms an integral part of, the Terms, Purchase Terms and General Use Term (”The Agreement”) and is effective upon its incorporation into The Agreement which may be specified in the Terms, Purchase Terms and General Use Term, an Order Form/MSA or an executed amendment to the Terms, Purchase Terms and General Use Term.

In case of any conflict or inconsistency with the terms of the Subscription Services Agreement/MSA, this DPA will take precedence over the terms of the The Agreement to the extent of such conflict or inconsistency.

The term of this DPA will follow the terms of the The Agreement. Terms not otherwise defined in this DPA will have the meaning as set forth in the Agreement.

1. Background
This Data Processing Agreement (“Agreement”) governs how ResellerRatings, LLC (“ResellerRatings”) processes personal data on behalf of [Client Name] (“Client”) in connection with the provision of ResellerRatings’ review, feedback, and analytics services (“Services”).
‍
Both parties intend to comply with their obligations under all applicable data-protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and the Swiss Federal Data Protection Act (FDPA).

‍2. Definitions

“Data Protection Laws” means all privacy and data-protection legislation applicable to the processing carried out under this Agreement.

‍“Personal Data,” “Processing,” “Controller,” and “Processor” have the meanings given in the GDPR.

‍“Data Subject” means the individual whose personal data is processed.

‍“Sub-processor” means a third party engaged by ResellerRatings to assist with processing activities
‍
‍3. Roles of the Parties

‍The Client acts as the Controller, determining the purposes and means of processing.

ResellerRatings acts as the Processor, processing Personal Data solely on the documented instructions of the Client.For publicly displayed reviews, fraud prevention, moderation, and syndication to third parties (e.g., Google Seller Ratings),

ResellerRatings may act as an independent controller responsible for such processing under its own Privacy Policy.

Purpose and Scope

ResellerRatings will process Personal Data solely to:

    Send review invitations;
    Collect and host review content;
    Provide analytics and insights;
    and Syndicate reviews through approved integrations.

5. Compliance and Instructions

ResellerRatings shall process data only in accordance with the Client's instructions and Data Protection Laws.

If ResellerRatings believes an instruction is unlawful, it will notify the Client.

Where legal obligations require additional processing, ResellerRatings will inform the Client ulness prohibited by law.

6. International Transfers
‍
Where data is transferred from the EEA, UK, or Switzerland to the United States or another country lacking an adequacy decision, ResellerRatings shall ensure a lawful transfer mechanism, including:

The Standard Contractual Clauses (SCCs) (Module Two – Controller to Processor, EU Decision 2021/914);
The UK International Data Transfer Addendum; and The Swiss Addendum, as applicable.

The details required for Annex of the SCCs (description of transfer, security measures, and sub-processors) are set out in Annex A of this DPA.

7. Confidentiality
All ResellerRatings personnel authorized to process Personal Data are bound by written or statutory confidentiality obligations.

‍8. Security Measures
ResellerRatings will maintain appropriate technical and organizational measures designed to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.These include:Encryption in transit and at rest;Role-based access controls;Activity logging and monitoring;Regular security reviews and incident-response procedures.

‍9. Sub-Processors
ResellerRatings may engage sub-processors to support service delivery.All sub-processors are bound by contracts imposing equivalent data-protection obligations.
‍
https://learn.resellerratings.com/en/knowledge/resellerratings-data-subprocessors

ResellerRatings will provide notice of new or replacement sub-processors, and the Client may raise documented, reasonable objections based on data-protection grounds. ResellerRatings remains responsible for its sub-processors.

‍10. Data-Subject Rights
ResellerRatings will, where technically feasible, assist the Client in responding to requests for access, correction, deletion, or restriction of Personal Data.If ResellerRatings receives a request directly from a data subject related to the Client’s data, it will redirect the request to the Client unless legally required to respond.

‍11. Personal Data Breaches
In the event of a confirmed Personal Data breach, ResellerRatings will notify the Client without undue delay after becoming aware of it and provide available details to enable the Client to meet its reporting obligations.

‍12. Audits and Verification
Upon reasonable written request and no more than once per year, the Client may verify ResellerRatings’ compliance with this Agreement through review of documentation or responses to a security questionnaire.If a more detailed assessment is required, the parties will agree on scope and confidentiality terms in advance.

‍13. Retention and Deletion
Upon termination of Services or at the Client’s request, ResellerRatings will delete or return Personal Data processed on behalf of the Client, unless retention is required by law or necessary to maintain published reviews.Where possible, data retained for legal or analytical purposes will be anonymized.

‍14. Government or Legal Requests
If ResellerRatings receives a lawful request for disclosure from a government or regulatory authority, it will, where permitted, promptly inform the Client and limit disclosure to what is strictly required by law.

‍15. Liability and Indemnity
Each party’s liability under this Agreement is subject to the limitations of liability set out in the main commercial Agreement, except where prohibited by law.

‍16. Governing Law
This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to its conflict-of-law provisions.For data originating from the EEA, UK, or Switzerland, ResellerRatings will comply with the GDPR, UK GDPR, and FDPA as applicable, but such laws do not confer governing-law or forum-selection rights for disputes.
‍
Disputes shall be resolved per the dispute-resolution terms in the main Agreement.

7. Duration
This Agreement remains effective for as long as ResellerRatings processes Personal Data on behalf of the Client.

‍18. Contact
‍
Data Protection Officer (DPO)📧 privacy@resellerratings.com


ANNEX A — DESCRIPTION OF PROCESSING
‍
Purpose of Processing
‍
ResellerRatings provides review, feedback, and analytics services to business clients.This includes:Sending review-invitation emails on behalf of the client to their verified customers;Hosting and moderating reviews submitted by those customers;Displaying and syndicating review content across partner networks (for example, Google Seller Ratings and other authorized data channels); andProviding the client with reporting, benchmarking, and sentiment-analysis tools derived from those reviews.
‍
Processing is limited to data required for these activities and performed solely under the client’s documented instructions.
‍
Categories of Data Subjects

End customers or consumers of the client

Categories of Personal Data

Customer name;
Email address;
Order, invoice, or transaction reference number;

Special Categories of Personal Data
‍
ResellerRatings does not intentionally collect or process special-category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health, or biometric data).
If such information is voluntarily included by a reviewer within free-text fields, it is processed only incidentally and not used or analyzed for any purpose.

Nature and Frequency of Processing

Automated and electronic processing for data import, storage, review solicitation, analytics, and publication.Continuous or periodic transfers, depending on the client’s integration and use of ResellerRatings’ Services.Duration of Processing
‍
Personal data is processed for the duration of the commercial relationship between ResellerRatings and the client, or until the client requests deletion. Certain data (for example, published reviews) may be retained as necessary for legal, transparency, or archival obligations.

SubProcessors

https://learn.resellerratings.com/en/knowledge/resellerratings-data-subprocessors