DATA PROCESSING ADDENDUM TO

THE TERMS OF USE OF

Consentmo GDPR Compliance app

This Data Processing Addendum (“DPA”) applies to you (the “Client”) and Consentmo Ltd. (“Consentmo”), located at 4 Prof. Georgi Bradistilov, entr. A, 4th floor, Sofia, Bulgaria, for the processing of personal data. This Data Processing Addendum is applicable together with the Terms of use (available at: https://www.consentmo.com/privacy-policy-terms-of-service/en). By clicking “I accept” using our Services - Consentmo app, you agree to all terms and conditions of this Data Processing Addendum and Terms of use.

1. Background

(a) The Client has appointed Consentmo for the provision of GDPR compliance services by Consentmo to the Client (the “Services”). Consentmo may process and host the visitor information of the Client’s website in order to provide the Client with the Services. By using the Services, the Client has granted Consentmo a right to make requests via the API to access and edit customer information, log requests submitted via the Compliance pages, and log customer policy acceptances for the visitors of the site.

(b) This DPA forms part of the Terms to reflect the parties’ agreement regarding the processing of Client Data, including Personal Data, in accordance with the requirements of the Data Protection Legislation.

(c) Consentmo also processes End User data under a separate End-User Data Processing Addendum (DPA). Merchants must reference this addendum in their privacy policies for transparency regarding store visitors/customers.

2. Processing of Personal Data

2.1 Roles of the Parties
The parties acknowledge that:
  • The Client is the Data Controller.
  • Consentmo is the Data Processor.
  • Consentmo may engage Sub-Processors as outlined in Section 4.
2.2. Client’s Processing of Personal Data
2.3. Consentmo Processing of Personal Data
(a) Consentmo shall process data only as instructed by the Client.
(b) Consentmo shall maintain a log of policy acceptances, compliance requests, and DSAR submissions for verification purposes.
(c) Consentmo shall not be responsible for monitoring or controlling the legality of the Client’s processing of End User data.
2.4. Consentmo Processing of Personal Data
This DPA applies to the relationship between Consentmo and the Merchant. For data related to store visitors/customers, the End-User DPA governs that processing. Merchants must reference Consentmo’s End-User DPA in their Privacy Policies.

3. Data Retention and Deletion

  • Cookie consent logs and DSAR requests: Retained for 12 months, after which they are automatically deleted.
  • Merchant data (store settings, logs): Retained for 5 years after termination unless required otherwise.
  • Consentmo shall delete all personal data within 60 days of receiving a written deletion request.

4. Sub-Processors

4.1 Appointment of Sub-Processors
(a) Merchants may request a list of Sub-Processors at any time. (b) Consentmo will notify Merchants of new Sub-Processors at least 14 days in advance. (c) Merchants may object in writing within 10 business days if they have valid data protection concerns.
4.2 Current Sub-Processors
  • Shopify (USA) – Main Customer Records Holder
  • AWS (EU) – Hosting Services
  • Google Analytics (USA) – Analytics Services
  • Twilio SendGrid (USA) – Communication Services
For the full list, see Consentmo’s Privacy Policy.

5. Audit and Assistance

  • Merchants may request verification of how Consentmo processes End User data related to DSAR requests and consent logs.
  • Merchants may request an audit once per year unless required by regulators.

6. Data Transfers Outside the EEA

  • Consentmo transfers data outside the EEA only if legally permissible transfer mechanisms (e.g., Standard Contractual Clauses (SCCs)) are in place.
  • By agreeing to this DPA, the Merchant authorizes Consentmo to enter into SCCs when engaging Sub-Processors outside the EEA.

7. Liability and Indemnity

  • Consentmo’s liability in case of a data breach is capped at the amount paid under the subscription plan.
  • Merchants must indemnify Consentmo against claims arising from non-compliance with privacy obligations toward End Users.

8. Final Provisions

This DPA takes precedence over conflicting terms in the Terms of Use.
Last updated: 8 April, 2025
Subscribe to get our monthly newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Started
FeaturesPricing
Regulations
GDPR (EU)CCPA (California)US State Laws (All)PIPEDA (Canada)LGPD (Brazil)APPI (Japan)PDPA (Thailand)POPIA (South Africa)APA (Australia)NZPA (New Zealand)
Resources
BlogeBooksKnowledge BaseCookie ScannerAdaptive Mobile Experience
Comparison
Consentmo vs.
Shopify Consentmo vs. PandectesConsentmo vs.
Avada
Compliance
Google Consent Mode v2IAB TCFGlobal Privacy ControlShopify Customer Privacy
Company
About us
FAQs
Contact
Legal
Terms of ServicePrivacy PolicySupport Policy
UET consent mode microsoft logo
Shopify app storeShopify app store
Facebook social iconTwitter social iconLinkedIn social iconInstagram social iconYouTube social iconTikTok social icon
© 2025 Consentmo. All Rights Reserved.

The information on the Consentmo website, platform, or services, as well as any part thereof, does not constitute actual legal or regulatory advice, opinion, or recommendation. Consentmo is committed to providing tools to aid in compliance but is not a law firm. For legal advice, users should consult with a qualified attorney.
Subscribe to get our monthly newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Started
FeaturesPricingBlack Friday Offer⚡
Regulations
GDPR (EU)CCPA (California)US State Laws (All)LGPD (Brazil)PIPEDA (Canada)APPI (Japan)PDPA (Thailand)POPIA (South Africa)APA (Australia)NZPA (New Zealand)
Resources
BlogeBooksKnowledge baseCookie ScannerAdaptive Mobile Experience
Comparison
Consentmo vs. Shopify Consentmo vs. PandectesConsentmo vs. Avada
Compliance
Google Consent Mode v2IAB TCFGlobal Privacy ControlShopify Customer Privacy
Company
About us
FAQs
Contact
Legal
Terms of ServicePrivacy PolicySupport Policy
Shopify app storeShopify app storeShopify partners
Shopify app storeShopify app store
Facebook social iconTwitter social iconLinkedIn social iconInstagram social iconYouTube social iconTikTok social icon
© 2025 Consentmo. All Rights Reserved.

The information on the Consentmo website, platform, or services, as well as any part thereof, does not constitute actual legal or regulatory advice, opinion, or recommendation. Consentmo is committed to providing tools to aid in compliance but is not a law firm. For legal advice, users should consult with a qualified attorney.