Data Controller vs Processor Roles
In the context of the Data Processing Agreement, Digital Products Outlet acts as a data processor while its clients are designated as data controllers. As a data processor, Digital Products Outlet processes personal data on behalf of the data controllers, following their instructions and ensuring compliance with applicable data protection laws.
What Personal Data is Processed
Digital Products Outlet processes various categories of personal data, including:
- Customer names and contact information
- Payment details
- Account login credentials
- Purchase history and preferences
Purpose and Legal Basis
The primary purpose of processing personal data is to facilitate transactions in the digital software marketplace, including:
- Managing user accounts
- Processing payments
- Delivering purchased software products
- Providing customer support
The legal basis for processing personal data includes:
- Performance of a contract with the data subject
- Compliance with legal obligations
- Legitimate interests pursued by Digital Products Outlet or its clients
Sub-processors
Digital Products Outlet may engage sub-processors to assist in processing personal data. A list of approved sub-processors is maintained and shared with data controllers. Digital Products Outlet ensures that all sub-processors are bound by data protection obligations equivalent to those in the Data Processing Agreement.
Data Subject Rights
Data subjects have the following rights concerning their personal data:
- The right to access their personal data
- The right to rectification of inaccurate data
- The right to erasure (right to be forgotten)
- The right to restrict processing
- The right to data portability
- The right to object to processing
Digital Products Outlet assists data controllers in fulfilling these rights upon request.
Data Transfer Safeguards
When transferring personal data outside of the European Economic Area (EEA), Digital Products Outlet implements appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Ensuring that the receiving country provides adequate data protection
These measures ensure that personal data remains protected during international transfers.