This Data Processing Agreement ("DPA") forms part of the agreement between the merchant ("Controller") and CODcheck ("Processor") governing the processing of personal data carried out by the CODcheck application ("Service") on behalf of the Controller, in accordance with Regulation (EU) 2016/679 ("GDPR").
The Controller determines the purposes and means of processing personal data relating to its customers. The Processor processes that personal data solely on documented instructions from the Controller and as necessary to provide the Service.
The Processor evaluates cash-on-delivery orders for fraud/refusal risk and contributes anonymised refusal signals to a shared anti-fraud network, in order to reduce delivery-refusal losses for the Controller.
| Data subjects | The Controller's customers who place cash-on-delivery orders. |
|---|---|
| Personal data | Order identifiers and value; and โ only where enabled โ customer name, phone number, email and shipping address. Identity fields are converted to irreversible cryptographic hashes (HMAC-SHA-256) before any network sharing. |
| Special categories | None. The Service does not process special-category data. |
The Controller authorises the Processor to engage sub-processors for hosting and error monitoring. The Processor remains responsible for their compliance and will inform the Controller of material changes.
The Processor assists the Controller in responding to data-subject requests (access, erasure, portability) via the Service's GDPR tools, and honours Shopify's customers/redact, customers/data_request and shop/redact compliance webhooks.
Personal data is retained only as long as necessary for the stated purpose and is deleted or anonymised thereafter. On uninstall, tenant data is purged following the applicable grace/compliance window.
Where personal data is transferred outside the EEA, the transfer is governed by an adequacy decision or by Standard Contractual Clauses.
This DPA is effective for the duration of the Controller's use of the Service and terminates upon deletion of all personal data processed on the Controller's behalf.