Zotabox GDPR Data Processing Agreement


Zotabox (hereafter referred to as “processor”) is committed to ensuring the privacy, confidentiality and security of website owner’s data (hereafter referred to Merchants or “controllers”) and also the data of visitors to Merchant websites (hereafter referred to as website visitors or customers).

Zotabox has less than 250 employees but we strive to provide as much information as possible regarding our GDPR compliance.  

The Controller (Merchant) processes Personal Data in connection with its business activities;

The Processor (Zotabox) processes Personal Data on behalf of other businesses and organisations;

The Controller wishes to engage the services of the Processor to process personal data on its behalf;


In this Agreement the following words and phrases shall have the following meanings, unless inconsistent with the context or as otherwise specified:

“Personal data” shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic cultural or social identity;

“Processing of personal data” shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

“Sub-contract” and “sub-contracting” shall mean the process by which either party arranges for a third party to carry out its obligations under this Agreement and “Sub Contractor” shall mean the party to whom the obligations are subcontracted; and

“Technical and organisational security measures” shall mean measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing.


In consideration of the Controller engaging the services of the processor to process personal data on its behalf the Processor shall comply with the security, confidentiality and other obligations imposed on it under this Agreement.

Customer Data Use and Storage:

Time Limitations

Delete or Edit Data Request

Security and Privacy


Legal Obligations

Breach Notification

Third Party Integrations

Note about Social Accounts


Responsibility of Merchant

Note about tools set to display to EU visitors only

Limitations of Liability


This agreement maybe updated as new technology and regulations arise.

Term and Termination

This Agreement shall continue in full force and effect for so long as the Processor is processing personal data on behalf of the Controller.

Delete ALL Zotabox Merchant and Customer Data

Signed Copy of Agreement

Please contact Zotabox at customerservice@zotabox.com if you require a signed copy of the above agreement. Please provide your company name, website url and name of signing officer.