Data Processing

Created on 17 May, 2025Trust and Safety • 6 views • 1 minutes read

Shortsy Data Processing

Effective Date: May 17, 2025

This Data Processing Addendum (“DPA”) is incorporated by reference into the Shortsy Terms of Service and describes how Wicked Wheels Express Ltd. (“Shortsy”) processes personal data on behalf of its customers (“Controller”) in compliance with applicable data protection laws, including the GDPR.

1. Definitions

  • “Personal Data”: any information relating to an identified or identifiable natural person.
  • “Processing”: any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • “Sub‑processor”: any third party engaged by Shortsy to assist in Processing.

2. Processing Scope & Purpose

Shortsy will Process Personal Data solely to provide and improve the Shortsy platform (including user accounts, link analytics, push notifications) under the Controller’s instructions, and as necessary to comply with legal obligations.

3. Controller Responsibilities

  • Ensure valid consent or legal basis for sharing Personal Data with Shortsy.
  • Provide accurate instructions and keep data subjects informed of Shortsy’s role.

4. Shortsy Obligations

  • Confidentiality: Restrict access to authorized personnel bound by confidentiality.
  • Security: Implement technical and organizational measures to protect Personal Data (e.g., encryption, access controls).
  • Sub‑processing: Maintain a current list of Sub‑processors at https://shortsy.me/subprocessors. Controller consents to additions upon 10 days’ notice.
  • Data Subject Rights: Assist Controller in responding to requests (access, correction, deletion, portability).
  • Breach Notification: Notify Controller within 48 hours of discovering any Personal Data breach.

5. International Transfers

If Personal Data is transferred outside the European Economic Area, Shortsy will ensure appropriate safeguards, such as Standard Contractual Clauses or reliance on an adequacy decision.

6. Audit & Compliance

Controller may audit Shortsy’s compliance once per year, with reasonable notice, or rely on third‑party certifications (e.g., ISO 27001) to verify compliance.

7. Termination & Data Deletion

Upon termination of the Services, Shortsy will, at Controller’s choice, delete or return all Personal Data within 30 days, unless retention is required by law.

8. Liability & Indemnity

Liability limits and indemnification provisions are as set forth in the Terms of Service, except that Shortsy’s aggregate liability for data breaches will not exceed the fees paid by Controller in the 12 months prior to the event.

9. Contact Information

For questions or notices under this DPA, please contact:

Wicked Wheels Express Ltd.
Email: support@shortsy.me
Web: https://shortsy.me/contact