Oodles Data Processing Agreement (DPA)
Last Updated: January 1, 2025
This Data Processing Agreement (“DPA”) is entered into by and between FuelSignal, Inc. DBA Oodles (“Processor”) and the merchant (“Controller”) using the Oodles platform. This DPA outlines the terms regarding data protection, privacy, and responsibilities related to the processing of personal data.
1. DEFINITIONS
- Controller: The merchant using the Oodles platform to collect and process customer data.
- Processor: FuelSignal, Inc. DBA Oodles, responsible for processing data on behalf of the Controller.
- Data: Personal and other information submitted to Oodles as part of the Controller’s use of the Oodles platform.
- Data Subject: Any identified or identifiable natural person whose personal data is processed by the Processor on behalf of the Controller.
- GDPR: General Data Protection Regulation (EU) 2016/679.
- CCPA: California Consumer Privacy Act of 2018.
2. Processing of Data
Processor shall process Data solely to provide the Oodles platform to the Controller, in compliance with Controller’s documented instructions, this DPA, and the Oodles Terms of Service. The Processor will not process Data for any other purposes unless required by law.
3. Processor Obligations
- Confidentiality: Processor will ensure confidentiality of Data and restrict access to authorized personnel who require access for the purposes of this DPA.
- Security Measures: Processor will implement technical and organizational security measures to protect Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
- Data Subject Requests: Processor will assist Controller, at Controller’s expense, in responding to requests from Data Subjects exercising their rights under GDPR, CCPA, or applicable laws.
- Sub-Processors: Processor will ensure any sub-processors engaged in processing Data comply with the terms of this DPA and are subject to the same data protection obligations.
4. Controller Obligations
- Compliance: Controller is responsible for ensuring all instructions to the Processor comply with applicable data protection laws, including GDPR and CCPA.
- Consents and Authorizations: Controller must obtain and maintain all necessary consents and authorizations from Data Subjects to allow the Processor to process Data as instructed.
- Lawful Transfer: Controller will ensure the lawful transfer of Data to Processor and provide necessary information to Data Subjects about this transfer.
5. Data Security
Processor maintains industry-standard security protocols, including encryption, secure servers, and regular security assessments. However, the Controller acknowledges that no system is completely secure, and Processor cannot guarantee absolute data security.
6. Data Breach Notification
In the event of a data breach affecting Data, Processor will promptly notify Controller and provide relevant details to assist in any necessary response measures, including notification to Data Subjects, regulatory authorities, and incident investigations as required by law.
7. Term and Termination
This DPA remains in effect as long as Controller uses the Oodles platform. Either party may terminate this DPA immediately if the other party materially breaches any terms, provided the breach is not cured within 30 days of notice.
8. Return or Deletion of Data
Upon termination of services, Processor will delete or return Data to Controller, at Controller’s request, unless applicable laws require retention.
9. Miscellaneous
- Governing Law: This DPA is governed by the laws of the State of Texas.
- Entire Agreement: This DPA constitutes the entire agreement between the parties on this subject and supersedes any prior agreements or negotiations.
By using the Oodles platform, the Controller agrees to comply with the terms of this DPA.