Executed in compliance with the data processing legislation, including but not limited to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR“).

1. Basic Terms and Definitions

1.1. The terms "Provider", "Client", "Service", "Service Period" have the same meaning as defined in the Business Terms and Conditions and the terms "Controller", "Processor", "Personal Data", "Processing", and "Appropriate Technical and Organizational Measures", are used in the sense defined by the Principles of Personal Data Protection.

1.2. This Personal Data Processing Agreement defines the method of the Client´s customer personal data processing in compliance with the personal data processing legislation, including but not limited to the GDPR.

1.3. The Provider is the Processor of the Client´s customer personal data and the Client is the Controller or these data.

1.4. The Provider is not entitled to process the personal data in contradiction to or in excess of the framework defined by these terms without direct specific consent of the Client. This consent may be granted by the Client for example by checking the relevant item in the Service form, by email or in any other communication with the Provider.

2. What Personal Data Are Processed by Provider on Request of Client

2.1. The Provider hereby agrees to process personal data for the Client for the purpose of the Service provision in the form of “SaaS“ (Software as a Service) within the scope of common personal data and throughout the Service Period. Processing of the special category of personal data pursuant to Art. 9 of GDPR within the framework oft he Service is prohibited.

2.2. The Processor hereby agrees to process the following types of personal data concerning the following categories of Data Subjects:

Personal data type
Personal data
Category of subjects to which the processed personal data relate
Client´s customers
Personal data type
Our accountant and tax accountant
Category of subjects to which the processed personal data relate
We need a provider of accounting and tax services to us as a data processor to keep our accounts and fulfill our tax liabilities for us
Personal data type
An entity assuring our web site run, our application and our software functioning (computer systems) including persons providing cloud services
Category of subjects to which the processed personal data relate
We need the entity as a data processor to provide to us software equipment, to perform servicing of our web site and to assure operation of our information systems
Personal data type
A person assuring our direct e-mailing
Category of subjects to which the processed personal data relate
We may authorize a third party to disseminate our e-mail information and we may provide your e-mail address to this person for that purpose
Personal data type
Personal data
Our accountant and tax accountant
An entity assuring our web site run, our application and our software functioning (computer systems) including persons providing cloud services
A person assuring our direct e-mailing
Category of subjects to which the processed personal data relate
Client´s customers
We need a provider of accounting and tax services to us as a data processor to keep our accounts and fulfill our tax liabilities for us
We need the entity as a data processor to provide to us software equipment, to perform servicing of our web site and to assure operation of our information systems
We may authorize a third party to disseminate our e-mail information and we may provide your e-mail address to this person for that purpose

2.3. The Client shall enter the following personal data if its customers in the Service within the following scope:

  • Customer data (e.g., firstname, delivery address, vat status, customer registration, customer type)
  • Contact details (email, city, country, zipcode)
  • Purchased goods data (title, category, type, code, EAN, currency, unit price, VAT, weight, sale price with and without dph, list of discounts, list of specification attributes and their values for a particular product variant, pictures of goods, purchase price without dph, inventory price with and without dph, supplier, producer, tags/labels)
  • Shipping and payment data (name of shipping /payment, price of shipping / payment, VAT rate, the exchange rate for default eshop currency)

3. What the Provider Uses Data for and How It Processes Them

3.1. Personal data are processed for the purpose of all activities needed for provision of the Services in the form of Saas (Software as a Service) (including support etc.).

3.2. The Provider hereby agrees to process personal data for the Client within the scope and for the purpose specified in Art. 3.1 hereof. In the context of the processing the Provider shall collect the personal data, store them on information carriers, sort, forward, save and delete them in automated as well as manual manner for the activity to correspond to the purpose of the personal data processing.

3.3. The Client grants to the Provider a general permit to use a sub-processor for the purpose. The Provider shall bind its sub-processors with the same personal data protection liability as is defined herein. The Provider´s sub-processors include: Google LLC, with registered seat at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

3.4. If the Client seeks information about future changes in the list of sub-processors a request can be sent to info@monkeydata.com. The Provider shall inform the Clients requesting so within fourteen (14) days before the change takes effect. The Client may object against the change within this deadline. Legitimate objections must include documented violation of the principles of personal data protection by the sub-processor.

3.5. In serious cases involving threatening of data security or Service operation he Provider shall be entitled to change the sub-processor without prior notification of the Client. In such case the Provider shall be liable to notify the change to the Client ex post and the right of the Client for filing a legitimate objection shall not be affected.

3.6. The Provider hereby agrees to adopt measures preventing unauthorized or inadvertent access to the personal data, their alteration, destruction or loss, unauthorized transfers, processing and other misuses of the personal data. The Provider hereby agrees to secure the personal data processing by the following means, including but not limited to:

  • The Provider has adopted and will maintain technical and organizational measures corresponding to the risk level to prevent unauthorized or inadvertent access to the personal data, their alteration, destruction or loss, unauthorized transfers, processing and other misuses of the personal data.
  • Authorized representatives of the Provider processing personal data under these terms and conditions are liable to keep confidential both the processed personal data and the security measures whose disclosure might threaten security of the data. The Provider shall assure documented binding its representatives with this liability. The Provider shall assure survival of this liability of its authorized representatives even after their employment or other relationship termination with the Provider.
  • The Provider shall provide the Client with all information needed to document compliance herewith and with the GDPR, and permit audits, including inspections performed by the Client or another auditor authorized by the user.

3.7. The Provider is entitled to use the data provided by the Client for the following purposes: for internal use by the Provider and for processing and publication in accumulated anonymous form (such as for the purpose of various studies, statistical reports, info graphics, case studies etc.).

4. Client´s Right to Export Data

4.1. The Client shall be entitled any time to export data in machine readable formats in any manner permitted by the Service.

5. Data Deletion

5.1. Data provided by the Client for processing by the Provider´s Service shall be deleted in thirty (30) days.

5.2. In thirty (30) days from the account deletion the Provider shall also delete Client´s data from the Service backups.

5.3. The Service logs which may include Client account activity records shall be deleted by the Provider in one (1) year from the account deletion.

6. Miscellaneous

6.1. The Client hereby agrees to inform the Provider without delay about all facts known to the Client which might negatively affect due and timely fulfillment of the liability following from this agreement and to provide the necessary assistance to the Provider for the purpose of facilitation of fulfillment hereof.

7. Agreement Term and Effectiveness Date

7.1. This agreement is executed for a limited period from its effectiveness date to the date of the Service termination for any reason.

7.2. This agreement comes to force and effect on 25 May 2018.