Data processing addendum
When Torevo processes personal data on behalf of a customer while providing a service, processing terms are handled through a data processing addendum or equivalent contractual documentation.
Last updated: 7 July 20261. When a DPA is used
A DPA is especially relevant for services that handle order data, customer data, shipment recipient data, store administrator data or technical data processed under customer instructions.
2. What a DPA typically covers
The document covers party roles, processing purpose and duration, data categories, customer instructions, security measures, subprocessors, data transfers, assistance with data subject rights, incidents and service termination.
3. Shopify and integration services
For Shopify projects, processing can depend on the app, carrier API, accounting system, ERP, CRM, monitoring or another integration service used. The concrete supplier list is determined by the actual service scope.
4. Security approach
When working with data, we focus on restricted access, encrypted communication, safe handling of secrets, appropriate logging and incident handling based on the risk of the specific service.
5. Requesting a DPA
If you need a DPA for a specific project or service, send a request to torevo@torevo.tech with the service description, data types and connected systems.