Effective date: 01 September 2025
Parties: (a) Kundikoff Limited, 86–90 Paul Street, London, EC2A 4NE, England ("K1"); and (b) the Shopify merchant that installs or uses the K1 PreOrder Manager application (the "Merchant"). For purposes of this DPA and solely with respect to Customer Personal Data, Merchant acts as the Controller and K1 acts as the Processor. With respect to Merchant/admin data, each party acts as an independent controller as described in the Privacy Policy; such processing is outside the scope of this DPA.
This DPA forms part of and is subject to the K1 PreOrder Manager Terms & Conditions (the "Agreement"). Capitalized terms not defined here have the meaning in the Agreement. In case of conflict between this DPA and the Agreement, this DPA prevails to the extent of the conflict on matters of data protection. By installing or using the App (or otherwise accepting the Agreement), the parties are deemed to have executed this DPA, including the SCCs/UK Addendum incorporated in Annex III, by electronic means, without the need for wet‑ink signatures.
1.1 Roles and scope. This DPA applies only to Customer Personal Data. For that data, Merchant is the Controller and K1 is the Processor. For the avoidance of doubt, with respect to Merchant/admin data, each party acts as an independent controller; this DPA does not apply to that processing, which is governed by the Privacy Policy and the Agreement.
1.2 Subject matter & duration. Processing is limited to providing the App and related support during the term of the Agreement, until deletion/return under §10.
1.3 Documented instructions. K1 will process Customer Personal Data only on Merchant’s documented instructions, including via App configurations and the Agreement, and as required to comply with law. K1 will promptly inform Merchant if an instruction infringes data protection law.
1.4 Prohibited purposes. K1 will not sell, share for cross‑context behavioral advertising, or otherwise process Customer Personal Data for its own purposes or for profiling unrelated to the App.
Provide, secure, and support App features that enable pre‑order workflows, including: reading product/variant context; creating/updating Order Metadata (e.g., tags/flags/attributes marking preorders); scheduling rules; logging and diagnostics; honoring Shopify privacy webhooks.
3.1 Data subjects. End‑customers of the Merchant’s Shop; Merchant staff acting in the Shop admin.
3.2 Categories of Customer Personal Data. Typically limited to order‑ and product‑level context necessary for pre‑order attribution, such as order IDs, product/variant IDs, rule IDs, pre‑order flags/tags, timestamps and similar metadata. The App does not store end‑customer names or emails by default. Any expanded scope is solely determined by Merchant’s configuration and use of Shopify APIs.
3.3 Special categories. The App is not intended to process special categories of data (GDPR Art. 9) or children’s data. Merchant shall not transmit such data to the App.
K1 ensures that persons authorized to process Customer Personal Data are bound by confidentiality, receive appropriate training, and access only what is necessary under the least‑privilege principle.