1. Scope & Definitions
This Data Processing Agreement (DPA) forms part of the Nile Terms of Service. It applies to the processing of personal data of end-users (store buyers) by Nile on behalf of the merchant. The merchant acts as the Data Controller, and Nile acts as the Data Processor. Definitions conform to GDPR, NDPA, and other data privacy legislations.
2. Processing Under Instructions
Nile will only process personal data on documented instructions from the controller, including for executing checkouts, updating inventory parameters, calculating shipping values, and transmitting order tracking details. Nile will notify the merchant immediately if an instruction violates regional privacy legislation.
3. Processor Obligations
Nile agrees to adhere to the following strict operational requirements:
- Confidentiality: Ensure that all staff authorized to process personal data have signed binding non-disclosure agreements.
- Security Measures: Implement administrative and technical safeguards, including field-level database encryption and network logging.
- Breach Notification: In the event of a security breach involving controller data, Nile will notify the merchant within forty-eight (48) hours of confirmation.
- Audit Rights: Nile will provide compliance audits and summaries to demonstrate adherence to our DPA standards.
4. Subprocessors
Nile contractually binds all subprocessors (such as AWS and regional payment gateways) to terms no less restrictive than those defined in this DPA. We notify controllers of any planned changes to subprocessors to allow for objections under privacy regulations.