END-USER DATA PROCESSING ADDENDUM TO

THE TERMS OF USE OF

Consentmo GDPR Compliance app

This End-User Data Processing Addendum ("End-User DPA") applies to store visitors and customers (the "End Users") whose data is processed when interacting with the GDPR compliance services of Consentmo Ltd. ("Consentmo"), located at 4 Prof. Georgi Bradistilov, entr. A, 4th floor, Sofia, Bulgaria. This addendum is an extension of the Privacy Policy and Terms of Use (available at: https://www.consentmo.com/privacy-policy-terms-of-service/en).

By submitting a Data Subject Access Request (DSAR) or interacting with compliance features provided through a merchant's store using the Consentmo GDPR Compliance app, you acknowledge that your IP address and email (if provided during a DSAR request submission) may be processed as outlined in this document.

1. Background

(a) Merchants using the Consentmo GDPR Compliance app ("Merchants") provide compliance services to their End Users through Consentmo. This includes managing cookie consent, compliance pages, and DSAR requests.

(b) This End-User DPA explains how Consentmo processes personal data of End Users on behalf of Merchants.

(c) Consentmo acts as a data processor for Merchants, processing End User data only as necessary to provide compliance-related services.

2. Processing of Personal Data

  • Merchant: The Data Controller responsible for collecting and managing End User data per their privacy policy.
  • Consentmo: A Data Processor acting on behalf of Merchants to facilitate GDPR, CCPA-CPRA, LGPD, and other compliance frameworks.
  • End User: The Data Subject whose personal data is processed when submitting compliance-related requests.
Consentmo does not use End User data for any purpose other than facilitating compliance obligations for the Merchant.

3. Types of Personal Data Collected

When interacting with the Consentmo-powered compliance features of a Merchant's website, we may process the following personal data:
Category
Purpose of Processing
IP Address
Logged for compliance and DSAR request verification
Email Address (if submitted)
Used to process DSAR requests and communicate responses
DSAR Request Data
Stored to facilitate legal compliance obligations
IP Cookie Consent Logs
Maintained for proof of consent compliance
All data is processed solely for compliance purposes and retained for the duration required by applicable data protection laws.

4. Legal Basis for Processing

Consentmo processes End User data under the following legal bases:
  • GDPR Article 6(1)(c): Compliance with legal obligations regarding data subject rights.
  • CCPA-CPRA: Fulfilling consumer rights requests for data access and deletion.
  • Legitimate Interest: To maintain compliance logs as evidence of regulatory adherence.

5. Data Retention

  • Cookie consent logs and DSAR requests are retained for a maximum of 12 months, after which they are deleted automatically.
  • End User data (such as IP addresses and email addresses used for DSAR requests) is deleted within 5 years unless required for ongoing legal compliance.

6. Sharing of Data

We do not sell or share End User data with third parties except as required for compliance processing. Data may be shared with:
  • Merchants who are the Data Controllers of End User data.
  • Sub-Processors authorized under Consentmo’s Merchant Data Processing Addendum, including Shopify, AWS, and other service providers used for hosting and analytics.
  • Regulatory Authorities if legally required.
For a full list of sub-processors, visit our Privacy Policy.

7. End User Rights

End Users have the following rights under GDPR and other data protection laws:
  • Right to Access (Article 15 GDPR)
  • Right to Rectification (Article 16 GDPR)
  • Right to Erasure (Article 17 GDPR)
  • Right to Restriction of Processing (Article 18 GDPR)
  • Right to Data Portability (Article 20 GDPR)
  • Right to Object (Article 21 GDPR)
To exercise any of these rights, submit a Data Subject Access Request (DSAR) through the Compliance page of the respective Merchant’s store.

8. Data Transfers Outside the EEA

If End User data is transferred outside the European Economic Area (EEA), it will be done in compliance with Standard Contractual Clauses (SCCs) or other approved mechanisms ensuring adequate protection.

9. Contact Information

If you have any questions about how your personal data is processed, you may contact Consentmo's Data Protection Officer (DPO) at:

Email: privacy@consentmo.com
Address: 4 Prof. Georgi Bradistilov, entr. A, 4th floor, Sofia, Bulgaria

For complaints, you may contact your local data protection authority.

10. Final Provisions

This End-User Data Processing Addendum is effective as of the last update date listed below and will be reviewed periodically to remain compliant with evolving regulations.
Last updated: 8 April, 2025
Subscribe to get our monthly newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Started
FeaturesPricing
Regulations
GDPR (EU)CCPA (California)US State Laws (All)PIPEDA (Canada)LGPD (Brazil)APPI (Japan)PDPA (Thailand)POPIA (South Africa)APA (Australia)NZPA (New Zealand)
Resources
BlogeBooksKnowledge BaseCookie ScannerAdaptive Mobile Experience
Comparison
Consentmo vs.
Shopify Consentmo vs. PandectesConsentmo vs.
Avada
Compliance
Google Consent Mode v2IAB TCFGlobal Privacy ControlShopify Customer Privacy
Company
About us
FAQs
Contact
Legal
Terms of ServicePrivacy PolicySupport Policy
UET consent mode microsoft logo
Shopify app storeShopify app store
Facebook social iconTwitter social iconLinkedIn social iconInstagram social iconYouTube social iconTikTok social icon
© 2025 Consentmo. All Rights Reserved.

The information on the Consentmo website, platform, or services, as well as any part thereof, does not constitute actual legal or regulatory advice, opinion, or recommendation. Consentmo is committed to providing tools to aid in compliance but is not a law firm. For legal advice, users should consult with a qualified attorney.
Subscribe to get our monthly newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Started
FeaturesPricingBlack Friday Offer⚡
Regulations
GDPR (EU)CCPA (California)US State Laws (All)LGPD (Brazil)PIPEDA (Canada)APPI (Japan)PDPA (Thailand)POPIA (South Africa)APA (Australia)NZPA (New Zealand)
Resources
BlogeBooksKnowledge baseCookie ScannerAdaptive Mobile Experience
Comparison
Consentmo vs. Shopify Consentmo vs. PandectesConsentmo vs. Avada
Compliance
Google Consent Mode v2IAB TCFGlobal Privacy ControlShopify Customer Privacy
Company
About us
FAQs
Contact
Legal
Terms of ServicePrivacy PolicySupport Policy
Shopify app storeShopify app storeShopify partners
Shopify app storeShopify app store
Facebook social iconTwitter social iconLinkedIn social iconInstagram social iconYouTube social iconTikTok social icon
© 2025 Consentmo. All Rights Reserved.

The information on the Consentmo website, platform, or services, as well as any part thereof, does not constitute actual legal or regulatory advice, opinion, or recommendation. Consentmo is committed to providing tools to aid in compliance but is not a law firm. For legal advice, users should consult with a qualified attorney.