Salloq Software – Data Protection Addendum (GDPR / CCPA)
Last Updated: December 8, 2025
This Data Protection Addendum (“DPA”) supplements the Terms of Service and Privacy Policy between Salloq Software (“Salloq”) and you as a merchant or business user (“Customer”) when Salloq processes personal data on your behalf under the General Data Protection Regulation (“GDPR”) and/or the California Consumer Privacy Act (“CCPA”), as amended.
1. Roles of the Parties
- For personal data of your customers and end users that you process using the Service (“Customer Data”), you are typically the “controller” (or “business” under CCPA) and Salloq acts as a “processor” (or “service provider”).
- For personal data of merchants and account owners, Salloq acts as an independent “controller” for its own business purposes as described in the Privacy Policy.
2. Processing Instructions
Salloq will process Customer Data only:
- On your documented instructions, including those in the Terms and this DPA, and as necessary to provide the Service;
- As required by applicable law, in which case Salloq will inform you (unless prohibited by law).
3. Security Measures
Salloq implements appropriate technical and organizational measures designed to protect Customer Data against accidental or unlawful destruction, loss, or alteration, and against unauthorized disclosure or access. Such measures may include:
- Access controls and authentication;
- Encryption of data in transit (e.g., TLS);
- Regular backups and recovery procedures;
- Monitoring and logging of critical systems;
- Employee confidentiality obligations.
4. Subprocessors
You authorize Salloq to engage third-party subprocessors to process Customer Data as necessary to provide the Service. Salloq will:
- Impose data protection obligations on subprocessors equivalent to those in this DPA; and
- Remain responsible for subprocessors’ compliance with such obligations.
A current list of subprocessors may be made available upon request or via our website.
5. Data Subject / Consumer Rights
Where required by law, Salloq will assist you in responding to data subject or consumer requests related to Customer Data, including:
- Requests for access, rectification, deletion, or portability;
- Requests to opt out of certain processing where applicable.
You are responsible for handling such requests directly with your customers and for determining the appropriate response.
6. Security Incidents
In the event of a confirmed personal data breach affecting Customer Data, Salloq will notify you without undue delay after becoming aware of the breach and provide information reasonably required for you to comply with your obligations under applicable data protection laws.
7. International Transfers
Customer Data may be transferred to and processed in countries outside the EEA/UK, including the United States. Where required, Salloq will implement appropriate safeguards (such as Standard Contractual Clauses) to protect Customer Data during such transfers.
8. CCPA-Specific Terms
For Customer Data subject to the CCPA, Salloq will:
- Act as a “service provider” and process personal information only for the permitted business purposes under your instructions;
- Not sell or share personal information as defined by CCPA;
- Not retain, use, or disclose personal information outside the direct business relationship, except as permitted by law.
9. Audit & Compliance
Upon reasonable written request and subject to confidentiality, Salloq will provide information necessary to demonstrate compliance with this DPA. Any audits must be:
- Reasonable in scope and frequency;
- Conducted during normal business hours;
- Coordinated in advance with Salloq.
10. Return or Deletion of Data
Upon termination of the Service or upon your written request, Salloq will delete or return Customer Data within a reasonable period, unless retention is required by law or deletion or return is technically impracticable. Aggregated, anonymized data may be retained.