Data Processing Addendum

Version 1.00

Last Updated: 31st October 2022

This Data Processing Addendum (“DPA”) forms part of the Skubiq Master Subscription Agreement, Terms of Services (available at https://www.skubiq.com/termsandconditions/ or such other location as such terms may be posted from time to time), Privacy Policy (available at https://www.skubiq.com/privacypolicy/ ) or other such agreement entered into by and between Avya Inventrax Pvt. Ltd., DBA Inventrax, having complete ownership and representation of www.skubiq.com (“SKUBIQ”) and the Customer entity that is a party to the Agreement (“Customer”) collectively the “Parties” under which the Customer accesses and uses SKUBIQ’s products and services.

If you are accepting this DPA on behalf of Data Subjects, you warrant that: (a) you have the full legal authority to bind Customer to this DPA; (b) you have read and understood this DPA; and (c) you agree on behalf of the Data Subjects, to this DPA. If you do not have the legal authority to bind the Customer, please do not accept this DPA.

 

1. Subject Matter and Duration

  • Subject Matter

This Addendum reflects the Parties’ commitment to abide by Applicable Data Protection Laws concerning the Processing of Customer Personal Data in connection with Inventrax’s execution of the Agreement. All capitalized terms that are not expressly defined in this Data Processing Addendum will have the meanings given to them in the Agreement. If and to the extent language in this Addendum or any of its Annexures conflicts with any other material incorporated into or located on the Skubiq.com website, including but not limited to the Agreement, this Addendum shall control.

  • Duration and Survival.

This Addendum will become legally binding upon the Effective Date of the Agreement or upon the date upon which both Parties have signed this Addendum if it is completed after the Effective Date of the Agreement. Inventrax will Process Customer Personal Data until the relationship terminates as specified in the Agreement. Inventrax’s obligations and Customer’s rights under this Addendum will continue in effect so long as Inventrax Processes Customer Personal Data.

 

2. Definitions

“Business Purpose” means the use of personal information for the business’s or a service provider’s operational purposes, or other notified purposes, provided that the use of personal information shall be reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.

“Data Controller” or “Controller” means the legal person or entity that alone, or jointly with others, determines the purposes and means of Processing Personal Data.

“Data Processor” or “Processor” means the person or entity that Processes Personal Data on behalf of a Controller.

“Data Protection Law(s)” means all privacy and data protection laws and regulations applicable to the Services, including laws or regulations that apply to the processing of Personal Data under this Agreement, as updated from time to time.

“Sub-processor” means any Data Processor engaged by Inventrax to Process Personal Data.

“UK GDPR” means the EU GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018.

 

3. Processing of Personal Data

  • Compliance with Laws.

The Customer’s Personal Data shall be Processed in compliance with the terms of this Addendum and all Applicable Data Protection Law(s).

  • Roles and Responsibilities

The Customer is the Data Controller and Inventrax is the Data Processor. Inventrax is a Service Provider to Customers. The Customer authorizes: (a) Inventrax to Process the Personal Data of the Customer’s Data Subjects in accordance with the terms of this DPA and the Agreement; (b) Inventrax to appoint any Inventrax Affiliate as a sub-processor; and, (c) Inventrax (and its Affiliate) to appoint third-party sub-processors to support the performance of the Services, provided that such appointments shall be subject to the terms of this DPA, including Section 4 below. Such authorization shall not be deemed to negate the Customer’s status as Data Controller, nor shall it constitute any relinquishment of the Customer’s final authority over the purposes or means of Processing.

  • Inventrax Processing Activities 

In line with this DPA, Inventrax commits to: (a) only process Personal Data necessary to provide the Services in compliance with the Agreement and in accordance with explicit instructions from the Customer; and (b) take reasonable measures to ensure that only authorised individuals who are subject to formal confidentiality obligations have access to Personal Data.  In addition, Inventrax assures that it will abide by all applicable data protection laws while delivering services in accordance with the terms of the Agreement and this DPA.

  • Customer Processing Activities

Customers may, in the course of their use of the Services, transmit Personal Data to Inventrax. Customer shall have sole responsibility for the accuracy, quality, and legality of that Personal Data, including the means by which Customer or any relevant third party acquired that Personal Data. Unless specifically identified and agreed in a written amendment to this DPA, the Customer warrants that it shall not transmit or store within the Services any prohibited Personal Data except as explicitly set forth in the Agreement. The Customer also warrants that it has provided all necessary notices to the relevant Data Subjects and obtained appropriate permission, consent, or other valid authorization for transmission to and processing of Personal Data (including cross-border transfers) by Inventrax, as may be required by applicable Data Protection Laws.

  • Details of Processing Activities.

The nature and extent of Personal Data processed by Inventrax are directly related to the Services requested by the Customer, and the Agreement and this DPA specify the Customer’s requirements applicable thereto. Because the Customer has specified the requirements applicable to the processing through the Agreement and this DPA, the purpose and means of processing shall always be deemed to have been determined solely by the Customer. The Customer agrees that as applicable, Inventrax may use a privacy policy in connection with the Services, including on any hosted website or online service provided for the Customer.

  • Confidentiality.

Any person or Third Party authorized to Process Customer Personal Data must agree to maintain the confidentiality of such information or be under an appropriate statutory or contractual obligation of confidentiality.

  • Business Purpose Only; No Sale.

The Personal Data disclosed to Inventrax by the Customer is provided to Inventrax solely for a Business Purpose. Inventrax will not engage in any Sale of Personal Data.

 

4. Sub-Processing

Inventrax shall take commercially reasonable steps to require that any sub-processor it engages to provide Inventrax Services on its behalf in connection with this DPA does so only based on a written contract that imposes on such sub-processor terms that are substantially as protective of Personal Data as those imposed on Inventrax in this DPA. Inventrax agrees to be liable for the acts or omissions of its third-party sub-processors to the same extent as Inventrax would be liable if performing the services of the sub-processors under the terms of the Agreement.

SKUBIQ is hosted on Amazon Web Services (“AWS”) data servers that are protected by the security and environmental controls of AWS. AWS is SOC 1,2,3, ISO 27001/27017/27018, and PCI-DSS compliant. Detailed information about AWS security is available at https://aws.amazon.com/security/  and http://aws.amazon.com/security/sharing-the-security-responsibility/.

SKUBIQ also uses Zoho Subscriptions (“ZOHO”) for processing its subscription payments. ZOHO is SOC 1,2, ISO/IEC 20000, 27001, 27017, 27018, 27701, ISO 9001, CSA STAR, PCI-DSS, GDPR, HIPAA and CCPA compliant. Detailed information about ZOHO security is available at https://www.zoho.com/compliance.html.

Inventrax investigates each subprocessor’s data privacy and information security practices, taking into account certifications such as ISO 27001, published agreements such as a Data Processing Addendum, and/or contractual terms agreed upon between Inventrax and the sub-processor.

 

5. Data Subject Requests

  • Receipt of Data Subject Request by Inventrax.

In the event Inventrax receives a Data Subject Request from Customer’s Data Subject, Inventrax shall not respond to such Data Subject Request without Customer’s prior written consent except to: (a) confirm receipt; (b) advise that such request relates to Customer, and (c) provide a referral to the Customer.

  • Inventrax Assistance to Customer for Data Subject Requests.

To the extent Customer does not have the ability to address a Data Subject Request using the functionalities available to Customer within the SKUBIQ platform, Inventrax shall, upon Customer’s request, provide reasonable assistance to facilitate obtaining such information as may be relevant to the Data Subject Access Request, to the extent Inventrax is able to provide such information consistent with applicable law. The Customer shall notify Inventrax of any required assistance via email sent to info@skubiq.com.

  • Customer Responsibilities.

Customer shall be responsible for all interactions and communications with the Customer’s Data Subject (notwithstanding the confirmation notice described in Section 4.1 above) and shall solely be responsible for verification of the identity of the Data Subject, or their authorized representative, and transmission of any Personal Data provided to the Data Subject pursuant to their Data Subject Access Request. Inventrax shall not be responsible for the verification of requests, or for the delivery of Personal Data to Data Subjects unless explicitly agreed to in writing.

  • Time Frame for Assistance.

Should Customer require assistance pursuant to Section 5.2, Inventrax shall provide a substantive response within a commercially reasonable period of time, but in no event more than ten (10) business days after receipt, provided that such notification is complete insofar as Customer has provided, via the notification process in Section 5.2, all relevant information required in order that Inventrax may identify the appropriate records. If the Personal Data provided in response to such request for assistance includes any sensitive information, Inventrax shall notify the Customer and the parties shall determine a mutually agreeable process for securely transmitting that information (e.g., encrypted file, secure FTP, encrypted email, etc.).

 

6. Data Storage and Deletion.

  • Data Storage
  1. Inventrax will not store or retain any of the Customer’s Personal Data except as necessary to perform the Service under the Agreement.
  2. The Customer acknowledges that Inventrax may utilize cryptographic or other industry-standard methods to de-identify or anonymize/pseudonymize any Personal Data associated with a record but may still retain certain non-Personal Data or aggregate data associated with a particular transaction or record.
  • Data Deletion

Inventrax will abide by the following with respect to the deletion of the Customer’s Personal Data:

  1. Unless otherwise required to retain such data by applicable laws, within 30 days of the Agreement’s expiration or termination, Inventrax will make reasonable efforts to securely destroy (per subsection (iii) below) all data from live systems and to prevent such data from being further Processed.
  2. Upon Customer’s request, Inventrax will promptly return to the Customer their Personal Data within thirty (30) business days of such request, and if the Customer also requests deletion of their Personal Data, will carry that out as set forth above.
  3. All deletion of Customer Personal Data will be conducted in accordance with standard industry practices for deletion of sensitive data.
  4. Tapes, printed output, optical disks, and other physical media will be physically destroyed by a secure method, such as shredding.
  5. Customer acknowledges that Inventrax may still retain certain Personal Data in offline archives, “cold storage” systems, or physical or virtual system backups (collectively “Archived Data”) and that Inventrax shall not be obligated to delete Archived Data, provided that Inventrax shall promptly delete any Customer Data if such data is retrieved from its archived state and restored to live systems. The Customer can request data deletion from Archived Data, and if Inventrax accommodates that request, the Customer shall bear all administrative and labor costs associated with the process of retrieval and disposal, including all third-party fees and any other costs reasonably incurred by Inventrax (billed at Inventrax’s then-current standard professional services rates).
  6. The deletion of data must stop immediately upon written notifications to Inventrax that the preservation of documents or data for contemplated litigation is required (sometimes referred to as a litigation hold). This is because Inventrax may be involved in a legal claim or an official investigation (see next paragraph). Deletion may begin again once Inventrax lifts the requirement for preservation. 

 

7. Special Circumstances

  • Preservation of documents/data for contemplated litigation and other special situations.

The Customer acknowledges that, if Inventrax or its affiliates believe that certain records/documents/data are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other events, you must preserve and not delete, dispose of, destroy, or change those records, including emails and other electronic documents, until Inventrax determines those records/documents/data are no longer needed. Preserving documents includes suspending any requirements in the data storage clauses and preserving the integrity of the electronic files or another format in which the records are kept.

 

8. International Data Transfers

  • Personal Data Transfers.

Customer agrees to allow transfer of Personal Data outside the country from which it was originally collected provided that such transfer is required in connection with the provision of Services under the Terms and such transfers take place in accordance with Data Protection Laws, including, without limitation, completing any prior assessments required by Data Protection Laws.

  • International Transfers

The parties agree that Inventrax may process Personal Data directly or through the use of sub-processors in jurisdictions around the world, in its reasonable discretion to provide the Services or to perform its rights and responsibilities under the Agreement.

  • Where the Customer belongs to a country outside India, the Customer acknowledges and agrees that The Customer Data will be transferred to India.

 

9. Inspections and Audit

  • Inspection and Audit

Unless otherwise provided for in the Agreement, the Customer may exercise its right of inspection and audit under Data Protection Laws by requesting, and Inventrax shall comply by providing: (a) a certificate not older than 18 months by a registered and independent external auditor demonstrating that Inventrax’s technical and organizational security measures are sufficient and in accordance with an accepted industry audit standard (e.g., ISO 27001 or SOC 1 Type 2 reports); or, (b) such additional information in Inventrax’s possession or control when requested by a government regulator or data protection authority, with regard to the data processing activities carried out by Inventrax under this DPA.

  • Additional Assistance. 

In the event that the Customer is entitled under Data Protection Laws to request additional information pursuant to 6.1(b) above, such further information shall be provided; however, Inventrax, taking into account the resources and time required to fulfil the additional requests, reserves the right to invoice the Customer on a time and materials basis for any activities necessary for the preparation of such information (billed at Inventrax’s then-current standard professional services rates). If Inventrax anticipates the need to invoice, Inventrax shall notify the Customer in advance of undertaking any work and the Customer and Inventrax shall mutually agree upon the scope, timing, and duration of any on-site inspection, including with respect to any third-party inspector selected by the Customer. The Customer shall promptly notify Inventrax of any non-conformance discovered during the course of an on-site audit. It is acknowledged and agreed that nothing in this DPA shall require Inventrax, its Affiliates or sub-processors, to disclose or provide access to any records, information, or systems that are confidential or proprietary to Inventrax or its sub-processors or their Affiliates.

  • Third Parties.

In the event that Customer conducts an audit through a third-party independent auditor, or a third party accompanies Customer or participates in such audit, such third party shall be required to enter into a non-disclosure agreement containing confidentiality provisions substantially similar to those set forth in the Agreement to protect Inventrax’s and Inventrax’s customers’ confidential and proprietary information. For the avoidance of doubt, regulators shall not be required to enter into a non-disclosure agreement.

 

10. Security Incidents

  • Security Incident Response

Inventrax will deploy and follow policies and procedures to detect, respond to, and otherwise address Security Incidents including procedures to (i) identify and respond to reasonably suspected or known Security Incidents, mitigate harmful effects of Security Incidents, document Security Incidents and their outcomes, and (ii) restore the availability or access to Customer Personal Data in a timely manner.

  • Notice

Inventrax agrees to provide prompt written notice without undue delay and within the time frame required under Applicable Data Protection Law(s) (but in no event longer than twenty-four (24) hours) to the Customer’s Designated Contact upon becoming aware that a Security Incident has taken place. Such notice will include all available details required under Applicable Data Protection Law(s) for the Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.

 

11. Technical And Organizational Security Measures

Inventrax provides the technical and organizational security measures required under applicable Data Protection Laws for the security of Personal Data that it processes pursuant to the Agreement, including all such measures as described in Technical and Organisations Security Measures.

 

12. Indemnity and Liability

  • Indemnity

Inventrax agrees to indemnify, defend, and hold harmless Customer against all costs, claims, damages, or expenses incurred by Customer, or for which Customer may become liable due to: (a) gross negligence, wilful misconduct, or fraud by Inventrax, its Affiliates, or its Sub-Processors, or their respective employees or agents in the course of their obligations under this DPA; or (b) any Personal Data Breach caused by Inventrax’s failure to comply with its security obligations in Technical and Organisations Security Measures.

  • Privacy-Related Liability Limitation

Inventrax’s liability arising out of or in relation to Data Protection Laws and this DPA (including the Security Terms in Technical and Organisations Security Measures and indemnification obligations above) shall continue to be subject to the general limitations and exclusions of liability as set forth in the Agreement (and not subject to any limitations or exclusions applicable specifically to confidentiality or confidential information in the Agreement).

  • Non-Privacy Related Liability

Inventrax’s liability to the Customers arising out of issues not related to the Data Protection Law, or any provision of this DPA, shall continue to be subject to the same general limitations and exclusions of liability as set forth under the Agreement.

 

13. General

  • Confidentiality

The parties may disclose the terms of this DPA to data protection or regulatory authority (or a relevant data controller) to the extent required by law or regulatory authority, provided, however, that any such disclosure shall be limited to the minimum information necessary to satisfy such disclosure requirement.

  • Notification of Infringement.

Inventrax shall inform Customer, as soon as reasonably practicable upon becoming aware, if in Inventrax’s opinion any instructions provided by Customer under this DPA infringe applicable Data Protection Law(s).

  • Compliance Responsibility.

Each party is responsible for ensuring its employees and its authorized third parties comply with these terms.

  • Severability

If any provision of this DPA will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this DPA will otherwise remain in effect.

  • Termination

This DPA shall terminate simultaneously and automatically with the termination of the relevant Agreement where the Customer does not renew or amend the existing relevant Agreement. Notwithstanding the foregoing, Inventrax shall continue to treat Personal Data in accordance with the terms herein for so long as Inventrax has possession of or access to such Personal Data.

  • Changes.

Inventrax may change this DPA if the change is required to comply with Data Protection Law, a court order or guidance issued by a governmental regulator or agency, provided that such change does not: (i) seek to alter the categorization of Inventrax as the Data Processor; (ii) expand the scope of, or remove any restrictions on, either Party’s rights to use or otherwise process Personal Data; or (iii) have a material adverse impact on Customer, as reasonably determined by Inventrax.

  • Headings

The headings in this DPA are for convenience only and shall not affect the interpretation or construction of this DPA or the Agreement.

  • Governing Law and Jurisdiction:

If the Customer is situated in India or situated outside the territory of India and accesses the SKUBIQ platform, then in the unlikely event of a dispute between Inventrax, this DPA shall be governed by and construed in accordance with the laws of India. The Customer agrees, as Inventrax does, to submit to the exclusive jurisdiction of the Courts at Hyderabad, India.

 
