1. Scope & Purpose

This Data Processing Agreement (“DPA”) governs Sp5der’s processing of customer personal data in compliance with:

  • GDPR (EU General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Google Ads Data Protection Terms

2. Data Processing Details

Types of Data Processed

  • Contact information (name, email, shipping address)
  • Payment details (processed via PCI-compliant gateways)
  • Order history and preferences
  • Device/IP data (for analytics and fraud prevention)

Processing Activities

  • Order fulfillment and customer service
  • Marketing (with explicit consent)
  • Fraud detection and prevention
  • Analytics and website improvement

3. Google-Specific Requirements

Google Ads Data Collection

We disclose that we may share the following with Google:

  • Website visitor data via Google Analytics
  • Conversion tracking for ad performance measurement
  • Remarketing audience data (if enabled)

User Consent Mechanism

  • Clear cookie consent banner implemented
  • Opt-out options for analytics tracking
  • Unsubscribe option in all marketing emails

4. Data Security Measures

Technical Safeguards

  • SSL encryption on all pages
  • Regular security audits
  • Restricted employee access to sensitive data
  • Secure payment processing (PCI DSS compliant)

Organizational Measures

  • Staff training on data protection
  • Confidentiality agreements with employees
  • Vendor assessments for third-party processors

5. Data Subject Rights

Customers may request:
✅ Access to their personal data
✅ Correction of inaccurate information
✅ Deletion of their data (with exceptions)
✅ Export of their data in machine-readable format

Request Process:

  1. Email request to: privacy@sp5derhoodies.com.co
  2. Verification of identity required
  3. Fulfillment within 30 days (GDPR standard)

6. Third-Party Processors

We use the following sub-processors:

  • Google (Analytics, Ads)
  • Payment processors (Stripe, PayPal)
  • Shipping carriers (UPS, USPS, FedEx)
  • Email service providers

All sub-processors are bound by contractual data protection obligations.

7. Data Breach Protocol

In case of a breach:

  1. Immediate investigation and containment
  2. Notification to affected parties within 72 hours (where required)
  3. Reporting to relevant authorities if necessary

8. Agreement Duration & Termination

  • Effective upon signing
  • Remains valid while processing personal data
  • Data deletion procedures upon termination

9. Governing Law

This DPA shall be governed by California law for US operations and GDPR for EU data subjects.

10. Contact Information

Data Protection Officer:
📧 Email: dpo@sp5derhoodies.com.co
📱 Phone: +1 332 252 9275
✉️ Mail: 13547 George Ct, Chino, CA 91710