Clove Digital LLC (“Clove”) Data Protection Terms

Published August 1 2023, Effective as of January 1, 2024

These Terms of Use replace and supersede all prior versions.

  • Definitions
  • General Provisions
  • Processing and Types of Personal Data
  • Customer’s Responsibility
  • Clove’s Responsibility
  • Security of Personal Data
  • Individual Requests
  • Costs

These Data Protection Terms (“Data Protection Terms”) outline the responsibilities of both parties in adhering to relevant Data Protection Laws, in the context of Clove’s provision and the Customer’s usage of the Services.

1. Definitions

The capitalized terms below will have the assigned meanings. Any capitalized term not defined here will carry the meaning given in the Service Agreement.

  1. “Services” refers to the SaaS software solutions, consulting, and management services provided by Clove and its Affiliates for e-commerce sellers.

  2. “Data Protection Laws” encompasses any applicable laws, regulations, and rules related to privacy and data protection.

  3. “Service Agreement” denotes the contract under which Clove supplies the Services to the Customer, either directly or through intermediaries.

  4. “Instruction” signifies any documented directive or data input that Clove receives from the Customer.

  5. “Personal Data” is defined as per Data Protection Laws regarding this term or any analogous terms (like “personal information” or “personally identifiable information”). In jurisdictions without such laws, it refers to information that, alone or combined with other data (like phone numbers, email addresses, precise GPS locations, or government IDs), allows Clove to identify a specific individual.

  6. “Process” or “Processing” is interpreted according to the relevant Data Protection Laws relating to this term. In the absence of such a term, it refers to any operation performed on Personal Data, including collection, recording, storage, adaptation, alteration, retrieval, usage, disclosure, availability, erasure, or destruction.

2. General Provisions

These Data Protection Terms are applicable to the Processing of Personal Data by Clove in the course of delivering the Services under the Service Agreement. Any claims related to data privacy or Personal Data will be subject to the liability limitations outlined in the Service Agreement. In instances of discrepancies between these Data Protection Terms and the Service Agreement, these Data Protection Terms will take precedence. These Data Protection Terms supersede any previous version of similar terms.

3. Processing and Types of Personal Data

For the purposes of applicable Data Protection Laws, Clove is designated as the “processor” or “service provider,” and the Customer as the “controller” or “business.”

The specific details of data Processing, including the subject matter, nature, purpose, and types of Personal Data processed, are determined by the Customer’s use of Clove’s Services. This may include Personal Data such as email addresses, names, physical addresses, IP addresses, marketing profiles, unique user IDs (like cookie IDs), or images, documents, or content containing Personal Data. The duration of Processing aligns with the duration of the applicable Service as stipulated in the Service Agreement.

  1. In relation to any Personal Data contained within Customer Data or Customer Content:

    1. It is acknowledged and agreed that Clove will Process Personal Data on behalf of the Customer and according to the Customer’s Instructions, in compliance with the Service Agreement and these Data Protection Terms.

    2. Clove is required to abide by its obligations under Data Protection Laws and safeguard Personal Data as mandated by these laws during the Processing for the Customer (including obligations related to the use of subcontractors).

    3. The Customer must adhere to its obligations under Data Protection Laws and execute all necessary actions under these laws to enable Clove to Process the Personal Data for the purposes of the Service Agreement (including, but not limited to, providing notifications, obtaining consents, and making required disclosures under the Data Protection Laws).

  2. Notwithstanding any terms in the Service Agreement, a party’s liability for breaching this clause or its obligations under Data Protection Laws shall be proportionately diminished to the extent that any wrongful (including negligent) action or omission by the other party, its personnel, or any third party acting on its behalf directly caused or contributed to the breach.

4. Customer’s Responsibility

  1. The Customer shall provide Instructions to Clove as agreed upon by the Parties in the Service Agreement, or through their usage of Clove’s Services.

  2. Should the Customer become aware of any breaches or irregularities concerning the requirements of applicable Data Protection Laws, the Customer shall, if mandated by such laws, promptly notify Clove and provide it with commercially reasonable Instructions to prevent non-compliance with the applicable Data Protection Laws.

5. Clove’s Responsibility

  1. Clove will Process Personal Data exclusively within the boundaries of the Customer’s Instructions and as allowed in the Service Agreement for the specified business purposes of the applicable Service. Should Clove, based on reasonable belief, discern that an Instruction from the Customer is in violation of Data Protection Laws, it will notify the Customer. Clove may, but is not obligated to, suspend the execution of the concerned Instructions until the Customer confirms in writing that such Instructions are in accordance with applicable Data Protection Laws. Despite the aforementioned, Clove may Process the Personal Data if required under the Data Protection Laws to which it is subject. In this case, Clove shall inform the Customer of this requirement prior to processing, unless prohibited for significant reasons of public interest by the Data Protection Laws.

  2. Upon the Customer’s reasonable request, and as required by applicable Data Protection Laws, Clove shall: (i) delete or return, or provide measures designed to enable the Customer to delete and/or retrieve, all Personal Data within Customer Data or Customer Content upon the termination of the relevant Services, except when retention is legally mandated; (ii) supply necessary information to demonstrate compliance with applicable Data Protection Laws; and (iii) provide to the Customer, through Clove’s designated platform, any third-party certifications and audits related to the Services. Should Clove determine that it can no longer fulfill its obligations under applicable Data Protection Laws, it will notify the Customer promptly if required by these laws.

  3. Clove will ensure that every individual Processing Personal Data within Customer Data or Customer Content is bound by confidentiality obligations with respect to such data.

  4. The Customer acknowledges that Clove may use subcontractors for the provision of its Services. These subcontractors may include Clove’s Affiliates or third-party service providers. Clove has contractual arrangements with these subcontractors ensuring they adhere to obligations equivalent to those set forth in these Data Protection Terms. Clove will maintain transparency and provide updates regarding any new subcontractor engagement.

  5. Clove will not:

    1. Sell, or share for targeted or cross-context behavioral advertising as defined by applicable Data Protection Laws, the Personal Data it receives from or on behalf of the Customer, except as directed by the Customer and permitted in the Service Agreement.

    2. Retain, use, or disclose Personal Data outside of its direct business relationship with the Customer or for any purposes other than those specified in the Service Agreement or as permitted by applicable Data Protection Laws.

    3. Combine Personal Data received from the Customer with that from other sources, except for business purposes as specified in the Service Agreement or as permitted by applicable Data Protection Laws.

6. Security of Personal Data

  1. Clove has implemented and continuously maintains reasonable and appropriate technical and organizational measures concerning the protection of Personal Data processed under these terms.

  2. Clove’s technical and organizational measures are subject to technical progress and development. Therefore, Clove reserves the right to modify these measures, ensuring that the functionality and security of the Services are not compromised.

7. Individual Requests

If Clove receives a request regarding data rights from an individual that pertains to the Customer, Clove will promptly inform the Customer of such request(s). It is the responsibility of the Customer to ensure that these requests are handled in compliance with Data Protection Laws.

8. Costs

In instances where the Customer requests assistance from Clove in fulfilling its obligations under applicable Data Protection Laws that extends beyond the standard functionality of the Services, Clove may charge the Customer for any costs incurred beyond the agreed-upon fees. This is particularly relevant if providing such assistance without charge is not commercially reasonable for Clove, considering factors like the volume of requests, complexity of Instructions, and the requested timescale. This may include costs related to executing Instructions for the erasure or return of the Customer’s Personal Data, additional storage costs, or retention of the Customer’s Personal Data.