OmegaTheme logo

Data Processing Agreement

This Data Processing Agreement ("DPA") is entered into by and between:

  • Omegatheme ("Processor", "we", "us", "our"), and
  • The Client ("Client", "Merchant", "You", "Your", "Controller"), who has agreed to Omegatheme's Terms of Service or other agreement relating to the provision of the Services.

This DPA forms an integral part of the Service agreement between Omegatheme and the Client (the "Agreement") and governs the processing of personal data by Omegatheme on behalf of the Client in accordance with Article 28 of the General Data Protection Regulation (GDPR) and other Applicable Data Protection Law.

By installing an Omegatheme application from the Shopify App Store, You accept this DPA which forms part of Your agreement with Omegatheme for the provision of the Services ("Services").

1. Definitions

1.1 GDPR Definitions. Terms defined in Regulation (EU) 2016/679 ("GDPR") have the same meaning in this DPA, including but not limited to: "Personal Data", "Processing", "Controller", "Processor", "Data Subject", "Personal Data Breach", "Supervisory Authority".

1.2 Additional Definitions.

  • "Services": The software applications and related services provided by Omegatheme to merchants via the Shopify platform, including any Omegatheme application the Controller installs or uses.
  • "Subprocessor": Any third party authorized by Omegatheme to process Personal Data on behalf of the Controller.
  • "End Users" or "Visitors": Customers who visit or interact with the Controller's Shopify store and whose Personal Data may be processed via the Services.
  • "Cloud Provider": Leaseweb (Leaseweb Global B.V. and its affiliates), the third-party server and cloud infrastructure provider used by Omegatheme to host, process and store data.
  • "Applicable Data Protection Law": The GDPR (EU Regulation 2016/679), and where applicable, other privacy regulations such as Vietnam's Personal Data Protection Decree (Decree No. 13/2023/ND-CP) and the Personal Data Protection Law of Vietnam, the UK GDPR, CCPA, and local EU laws.
  • "US Privacy Laws": United States federal and state privacy laws applicable to the processing under this DPA, including the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, "CCPA"), and comparable state laws such as the Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and Utah UCPA. The terms "Business", "Service Provider", "Sell", "Share", "Consumer", and "Personal Information" have the meanings given to them under the CCPA.
  • "Third-Party Platforms" means third-party services and platforms (such as Google, Meta/Facebook, or TikTok) to which the Services may transmit data where the Controller enables and configures such an integration.
  • "Shopify" means Shopify Inc. and its e-commerce platform where the Omegatheme applications are installed and operate.

2. Appointment and Authorization

2.1 Appointment as Processor. The Controller appoints Omegatheme as a Processor to process Personal Data on the Controller's behalf in connection with the Services. This appointment is made in accordance with Article 28(1) GDPR.

2.2 Authorization to Process. Omegatheme is authorized to process Personal Data only:

  • To provide the Services as configured by the Controller;
  • In accordance with the Controller's documented instructions;
  • As required by applicable law.

This fulfills the requirements of Article 28(3)(a) GDPR.

3. Processing Instructions

3.1 Documented Instructions. Omegatheme shall process Personal Data only on documented instructions from the Controller, which include:

  • This DPA and any future amendments;
  • The settings and configurations selected by the Controller within the Services, including: integration configurations (which Third-Party Platforms to send data to, where applicable); privacy and consent settings (Controller must configure these appropriately for their compliance needs); and other data protection settings and preferences;
  • Written instructions sent to [email protected];
  • Instructions required to comply with applicable law.

Note: The Controller is responsible for configuring privacy and consent settings appropriately before collecting End User data. Omegatheme processes data according to these configured settings. This fulfills the requirements of Article 28(3)(a) GDPR.

3.2 Notification. Omegatheme will notify Controllers of significant Service issues that may impact data collection. However, brief interruptions or minor technical issues may be resolved without notification if they do not materially impact the Service. If Omegatheme:

  • Cannot comply with an instruction due to technical limitations or legal requirements;
  • Experiences technical issues affecting data collection or processing;
  • Is required by law to process data beyond the Controller's instructions;

Omegatheme shall:

  • Promptly notify the Controller of the issue via email and/or dashboard notification;
  • Use commercially reasonable efforts to resolve any technical issues;
  • Continue processing as required by applicable law (if legal obligation exists);
  • Provide available workarounds or alternative solutions where feasible.

Service Limitations: The Controller acknowledges that: technical issues may occasionally affect data collection and processing; some data loss may occur during Service interruptions or technical issues; Omegatheme will use commercially reasonable efforts to minimize any data loss; and real-time data collection depends on multiple factors including third-party platforms and browser technologies.

3.3 Controller Obligations. The Controller shall:

  • Ensure that its instructions comply with applicable data protection laws;
  • Determine the lawful basis for all processing activities;
  • Inform and obtain valid consent from data subjects where required;
  • Ensure that personal data transferred to Omegatheme is accurate and kept up to date;
  • Provide documented instructions that are lawful and proportionate;
  • Remain solely responsible for determining whether its use of Omegatheme Services complies with its legal obligations under GDPR and other applicable laws.

4. Purpose, Nature, and Duration of Processing

4.1 Subject Matter. The subject matter of the processing is the provision of the Services through the Omegatheme applications, which operate on the Shopify platform.

4.2 Purpose of Processing. Personal Data shall be processed exclusively for the following purposes:

  • Provide, operate, and support the Services as configured by the Controller;
  • Enable the features and functionality of the applicable Omegatheme application;
  • Transmit data to Third-Party Platforms where such integrations are enabled and configured by the Controller;
  • Support Service operations, troubleshooting, and improvements specific to the Controller's implementation of the Services;
  • Enable enhanced functionalities through Controller-selected integrations and settings, including browser-based data retention (cookies, local/session storage) where applicable.

This fulfills the requirements of Article 28(3) GDPR.

4.3 Nature of Processing. Processing operations may include, depending on the applicable Omegatheme application:

  • Collection of data submitted to, or generated through, the Services;
  • Transmission to Third-Party Platforms configured by the Controller;
  • Pseudonymization (hashing) of identifiers where applicable;
  • Storage in the Cloud Provider's infrastructure;
  • Organization, retrieval, analysis, and reporting;
  • Deletion upon instruction.

4.4 Duration of Processing. Processing shall continue for the duration of the Controller's active Omegatheme subscription. Data is deleted or returned upon termination as per Section 10 of this DPA. This information is required by Article 28(3) GDPR.

5. Categories of Data and Data Subjects

5.1 Categories of Data Subjects.

  • End Users/Visitors: Customers and visitors of the Controller's Shopify store.
  • Controller's Personnel: Store owner and authorized team members who interact with Omegatheme.

This information is required by Article 28(3) GDPR.

5.2 Categories of Personal Data. The specific categories depend on the Omegatheme application used and the Controller's configuration, and may include:

From Store Visitors (End Users):

  • Identifiers and Online Identifiers: User, device, or session identifiers, unique identifiers, checkout identifiers/tokens, cookie and local/session storage values, and advertising identifiers;
  • User-Provided Information: Email, phone number, shipping/billing address, locale/language preferences, and consent status, where provided or configured;
  • Device and Browser Data: IP address, user agent, device and browser characteristics, and request headers;
  • Usage, Event, and Behavior Data: Page or screen interactions, event names and timestamps, referring and page URLs, and related content submitted through the Services;
  • Location Data: Country and approximate geolocation derived from IP address;
  • Time-Based Information: Created/updated timestamps and event times.

From Clients (Merchants):

  • Store, Merchant and app usage information: Store URL, Store plan, Store domain, date of installation/uninstallation, store owner name, email address, country;
  • App usage data: Operations performed inside the Services (integrations, access management, professional services);
  • Payment history: Excluding payment details (all billing is managed by Shopify);
  • Contact information: Provided via support channels;
  • Third-Party API Data (if enabled): Data retrieved from platforms the Controller connects (optional, based on integrations).

This fulfills the requirements of Article 28(3) GDPR.

5.3 Special Categories of Data. No special categories of data under Article 9 GDPR are intentionally collected or processed.

6. Security of Processing

6.1 Technical and Organizational Measures. Omegatheme shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical Measures Currently Implemented:

  • Encryption at rest using AES-256;
  • Encryption in transit using TLS 1.2 or higher (HTTPS for all data transfers);
  • Pseudonymization: Email addresses and other personal identifiers are hashed (SHA-256) before being sent to third-party platforms per their guidelines;
  • Access controls using the Cloud Provider's identity and access management (IAM);
  • Regular security patching and vulnerability management;
  • Web Application Firewall (WAF) protection;
  • Cloud Provider infrastructure redundancy and availability features.

Note: The Cloud Provider provides built-in redundancy and data durability, and Omegatheme maintains backup and recovery procedures for personal data, including encrypted backups and documented restoration processes.

Organizational Measures:

  • Personnel access on least-privilege basis;
  • All personnel authorized to access Personal Data are subject to confidentiality obligations;
  • Annual security awareness training;
  • Documented incident response procedures;
  • Regular security assessments;
  • Internal access is restricted to authorized personnel only.

This fulfills the requirements of Article 28(3)(c) and Article 32 GDPR.

6.2 Security Updates. Omegatheme shall regularly review and update security measures to maintain appropriate protection levels.

6.3 Data Storage. Omegatheme may store certain data in the user's browser, including existing or custom cookie values, URL parameters, and other information provided by the user, using browser-based technologies such as Cookies, Local Storage, or Session Storage. These processes are essential for maintaining data integrity, supporting necessary backend operations, and delivering core, additional, and enhanced functionalities.

7. Confidentiality

7.1 Personnel Confidentiality. Omegatheme ensures that:

  • All personnel authorized to process Personal Data have committed to confidentiality or are under statutory obligation of confidentiality;
  • Access is limited to personnel who need it for providing the Services;
  • All personnel receive appropriate data protection training.

This fulfills the requirements of Article 28(3)(b) GDPR.

7.2 Ongoing Obligations. Confidentiality obligations survive termination of employment or engagement.

8. Subprocessors

8.1 General Authorization. The Controller provides general written authorization for Omegatheme to engage Subprocessors, subject to the requirements in this section.

8.2 Current Subprocessors. The Controller acknowledges that Omegatheme engages multiple Sub-processors to provide the Services, including but not limited to our Cloud Provider as our primary infrastructure provider for cloud hosting and data storage. The complete and current list of all Sub-processors, including their specific processing activities and locations, is maintained by Omegatheme and made available to the Controller upon request and in accordance with Section 8.3.

8.3 Adding or Replacing Subprocessors.

  • Omegatheme shall notify the Controller at least 15 days before adding or replacing any Subprocessor;
  • Notification shall be provided via email and dashboard notification;
  • Notification shall include the Subprocessor's name, location, and processing activities;
  • Emergency replacement: Where Omegatheme must replace a Subprocessor on an urgent basis for security, legal, or continuity reasons (including where the Subprocessor ceases to provide its services or poses a risk to Personal Data), Omegatheme may engage the replacement Subprocessor before the end of the notice period and shall notify the Controller without undue delay thereafter.

This fulfills the requirements of Article 28(2) GDPR.

8.4 Right to Object.

  • The Controller may object within the notification period on reasonable grounds relating to data protection;
  • If the objection cannot be resolved, either party may terminate the affected Services;
  • Continued use after the objection period constitutes acceptance.

This fulfills the requirements of Article 28(2) GDPR.

8.5 Subprocessor Obligations. Omegatheme shall:

  • Ensure that any Subprocessor is contractually bound by data protection obligations no less protective than those set out in this DPA;
  • Remain fully liable for Subprocessor performance;
  • Conduct appropriate due diligence before engagement;
  • Where a Subprocessor processes Personal Data in another country, ensure appropriate safeguards and contractual data protection obligations are in place.

This fulfills the requirements of Article 28(4) GDPR.

9. Data Location and International Processing

9.1 Data Location. Personal Data is processed and stored on infrastructure operated by Omegatheme's Sub-processors, primarily on servers hosted with our Cloud Provider (Leaseweb). Additional Sub-processors may process data in other locations as required to provide the Services.

9.2 Safeguards. Where Personal Data is processed in a country other than the Controller's country of origin, Omegatheme protects the data through:

  • The technical and organizational measures described in this DPA;
  • Contractual data protection obligations imposed on all Sub-processors that are no less protective than those set out in this DPA;
  • Pseudonymization (hashing) of personal identifiers and encryption in transit and at rest;
  • Access control and monitoring;
  • Geographic restriction to known Sub-processor regions.

9.3 Frequency and Volume. Processing and any cross-border data flows occur continuously during Service provision as end-user interactions are tracked and processed.

10. Data Retention and Deletion

10.1 Deletion or Return Upon Termination. Upon termination or expiry of the Services, Omegatheme shall, at the choice of the Controller:

  • Return all personal data processed on behalf of the Controller, or
  • Delete such data, unless retention is required by applicable law.

Omegatheme shall inform the Controller if it is legally obligated to retain any personal data after the termination of processing activities. This fulfills the requirements of Article 28(3)(g) GDPR.

10.2 Deletion on Request During Active Service. During the term of Service, the Controller may request the deletion of personal data at any time through the Services or by written instruction. Omegatheme shall delete such data without undue delay, unless retention is required by applicable law. If immediate deletion is not technically feasible, Omegatheme shall inform the Controller of the reason and the expected timeline. This fulfills the requirements of Article 28(3)(f) GDPR.

10.3 Deletion Timing and Method. Unless otherwise agreed in writing, Omegatheme shall delete personal data:

  • Within 30 days following Service termination or final instruction from the Controller;
  • Using secure deletion methods appropriate to the nature and format of the data.

10.4 Data Export During Service. To exercise data access rights, Controllers can use the account or data settings available within the Services or contact [email protected].

10.5 Retention Periods. In accordance with the Terms of Service Section 11.4.2, Omegatheme retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected and processed. Specifically:

  • Merchant data (including Store and app usage information) is retained for the duration of the Service agreement;
  • Visitor data (End User data processed through the Services) is retained only for the necessary duration to fulfill the processing purposes as configured by the Controller.

Clients may request deletion of their data at any time via the Services. All data retention is subject to legal obligations, dispute resolution needs, enforcement of agreements, security requirements, or legitimate business interests (including backups, audit logs, and fraud prevention).

10.6 Shopify Compliance Webhooks. As a Shopify application, Omegatheme implements and honors Shopify's mandatory privacy webhooks. Upon receiving the relevant webhook from Shopify, Omegatheme will:

  • customers/data_request: provide the Controller with the relevant End User Personal Data in Omegatheme's possession to enable the Controller to respond to a data subject access request;
  • customers/redact: delete the relevant End User's Personal Data;
  • shop/redact: delete the Controller's store data following uninstallation of the app, within the timeframe required by Shopify.

These mechanisms operate in addition to, and are consistent with, the deletion and data subject rights provisions set out in Sections 10 and 11 of this DPA.

11. Assistance with Data Subject Rights

11.1 Assistance Obligation. Omegatheme shall provide reasonable assistance to the Controller in fulfilling its obligations to respond to data subject requests regarding:

  • Access to Personal Data (Article 15 GDPR);
  • Rectification (Article 16 GDPR);
  • Erasure (Article 17 GDPR);
  • Restriction of processing (Article 18 GDPR);
  • Data portability (Article 20 GDPR);
  • Objection to processing (Article 21 GDPR).

This fulfills the requirements of Article 28(3)(e) GDPR.

11.2 Procedure for Requests.

  • If Omegatheme receives a request directly from a data subject, it shall promptly inform the Controller without undue delay and not respond to the request itself unless instructed in writing by the Controller;
  • Store visitors in Europe or California: Merchants can configure consent and data collection preferences through the privacy/consent settings available within the Services;
  • Omegatheme complies with GDPR/CCPA by respecting the preferences provided via consent management tools.

11.3 Technical Assistance. Omegatheme provides tools and technical measures to enable the Controller to respond to data subject requests in a timely and legally compliant manner.

12. Security Breach Notification

12.1 Notification Timeline. Omegatheme shall notify the Controller without undue delay, and in any case within 72 hours, after becoming aware of a Personal Data Breach. The notification will be delivered via email. This fulfills the requirements of Article 28(3)(f) and Article 33 of the GDPR.

12.2 Initial Notification Content. The initial breach notification shall include, to the extent known:

  • A description of the breach, including the type of incident, categories of data subjects, and estimated number of records affected;
  • The likely consequences of the breach;
  • Measures taken or planned to address the breach and mitigate potential harm;
  • Contact information for follow-up.

This fulfills the requirements of Article 33(3) GDPR.

12.3 Ongoing Cooperation. Omegatheme shall:

  • Cooperate fully with the Controller in fulfilling any regulatory notification duties;
  • Document all breaches regardless of notification requirement;
  • Implement measures to prevent recurrence.

This fulfills the requirements of Article 28(3)(f) GDPR.

12.4 Exclusions. Omegatheme is not required to notify the Controller of:

  • Failed login attempts or port scans that do not compromise personal data;
  • Internal testing or security exercises;
  • Minor incidents that do not affect personal data or fall below regulatory reporting thresholds.

13. Audit and Inspection Rights

13.1 Audit Rights. The Controller has the right to conduct audits or inspections of Omegatheme's data processing activities and relevant systems, as required under Article 28(3)(h) GDPR.

13.2 Audit Procedures. Omegatheme shall satisfy the Controller's audit rights primarily by making available documentation describing its security measures, summary information, and relevant third-party audit reports or certifications (such as SOC 2, ISO 27001, or equivalent), where available. A direct audit or on-site inspection may be conducted only where: (a) required by a competent supervisory authority; (b) following a confirmed Personal Data Breach affecting the Controller's Personal Data; or (c) the documentation and reports made available above are insufficient to demonstrate compliance. Any such audit shall be:

  • Limited to once per twelve (12) month period (unless legally required more frequently), conducted with at least 30 days' prior written notice, during normal business hours;
  • Conducted by the Controller or an independent third-party auditor that is not a competitor of Omegatheme and that is bound by appropriate confidentiality obligations;
  • Limited in scope to the processing of the Controller's own Personal Data, and shall not extend to the personal data of any other customer or to multi-tenant systems or infrastructure in a manner that would compromise the security or confidentiality of other customers;
  • At the Controller's expense, except where the audit reveals a material breach by Omegatheme of this DPA;
  • Performed in a manner that does not unreasonably disrupt Omegatheme's operations.

This fulfills the requirements of Article 28(3)(h) GDPR.

13.3 Documentation. Omegatheme shall maintain appropriate records of processing activities and make them available to the Controller or competent supervisory authority upon request. This fulfills the requirements of Article 28(3)(h) GDPR.

14. Compliance Assistance

14.1 General Assistance. Taking into account the nature of the processing, Omegatheme shall assist the Controller, upon request, in ensuring compliance with:

  • Implementing appropriate technical and organizational security measures (Article 32 GDPR);
  • Notifying the supervisory authority and data subjects in the event of a personal data breach (Articles 33 and 34 GDPR);
  • Conducting data protection impact assessments (Article 35 GDPR);
  • Consulting the supervisory authority prior to processing where required (Article 36 GDPR).

This assistance shall be provided in accordance with Article 28(3)(f) GDPR.

14.2 Information Provision. Omegatheme shall provide all information necessary to demonstrate compliance with Article 28 GDPR obligations. This fulfills the requirements of Article 28(3)(h) GDPR.

15. Prohibited Uses

15.1 Restrictions on Processing. Omegatheme shall not:

  • Use personal data for its own purposes;
  • Sell, license, or share personal data with third parties except as necessary to perform the Services in accordance with this DPA and the Controller's instructions;
  • Combine or enrich data in a way that violates data protection laws;
  • "Sell" or "share" Personal Data as those terms are defined under U.S. Privacy Laws, including the California Consumer Privacy Act (CCPA).

Where the Controller and its End Users are subject to US Privacy Laws, the additional terms set out in Section 16 (CCPA / US State Privacy Terms) shall apply.

15.2 Aggregated and Anonymized Data. Notwithstanding Section 15.1, Omegatheme may create and derive anonymized and/or aggregated data that does not identify the Controller or any natural person from its processing in connection with the Services, and may use such anonymized and/or aggregated data to operate, secure, develop, and improve the Services and for Omegatheme's other legitimate business purposes. Omegatheme shall implement reasonable measures to ensure such data cannot be re-identified and shall not attempt to re-identify it.

16. CCPA / US State Privacy Terms

16.1 Application. This Section applies where the Controller is a "Business" and the End Users are "Consumers" subject to the California Consumer Privacy Act (CCPA) or other US Privacy Laws. In the event of a conflict between this Section and the rest of this DPA with respect to processing governed by US Privacy Laws, this Section controls for those matters.

16.2 Roles of the Parties. For the purposes of US Privacy Laws, the Controller is the "Business" and Omegatheme is the "Service Provider" (and, where applicable under other state laws, a "Processor") that processes Personal Information on behalf of, and at the direction of, the Business.

16.3 Limitations on Processing. Omegatheme shall process Personal Information only for the limited and specified business purposes of providing the Services as described in this DPA and the Agreement, and shall not:

  • Sell or Share Personal Information (as "Sell" and "Share" are defined under the CCPA);
  • Retain, use, or disclose Personal Information for any purpose other than the business purposes specified in this DPA, or as otherwise permitted by the CCPA;
  • Retain, use, or disclose Personal Information outside the direct business relationship between Omegatheme and the Controller;
  • Combine Personal Information received from, or on behalf of, the Controller with Personal Information received from, or on behalf of, any third party, or collected from Omegatheme's own interaction with Consumers, except as permitted under the CCPA (e.g. to perform a business purpose authorized by the Controller).

16.4 Certification. Omegatheme certifies that it understands the restrictions set out in Section 16.3 and will comply with them.

16.5 Consumer Rights. Omegatheme shall provide reasonable assistance to the Controller in responding to verifiable Consumer requests to exercise their rights under US Privacy Laws, including the rights to know/access, delete, correct, opt out of sale/sharing, and limit the use of sensitive personal information. The assistance mechanisms described in Section 11 of this DPA apply equally to such requests.

16.6 Notice of Inability to Comply. Omegatheme shall notify the Controller without undue delay if it determines that it can no longer meet its obligations under US Privacy Laws. Upon such notice, the Controller may take reasonable and appropriate steps to stop and remediate any unauthorized use of Personal Information.

16.7 Right to Monitor. The Controller has the right to take reasonable and appropriate steps to ensure that Omegatheme uses Personal Information in a manner consistent with the Controller's obligations under US Privacy Laws, consistent with the audit rights set out in Section 13 of this DPA.

16.8 Deidentified Data. Where Omegatheme processes deidentified data, it shall maintain and use such data in accordance with the CCPA's requirements for deidentified information and shall not attempt to reidentify the data, except as permitted by law.

17. Liability

17.1 Statutory Liability. Each Party shall be liable for the damages it causes through an infringement of this DPA or Applicable Data Protection Laws. Nothing in this DPA limits either party's liability under Articles 82 and 83 GDPR.

17.2 Responsibility Allocation.

  • The Controller shall be responsible for obtaining a valid legal basis for processing and for ensuring that its instructions are lawful;
  • The Processor shall be responsible for processing personal data in accordance with the Controller's instructions and with the obligations set forth in this DPA.

This allocation reflects Article 82 GDPR.

17.3 Limitation of Liability. Subject to Section 17.1, each party's and its affiliates' total aggregate liability arising out of or in connection with this DPA, whether in contract, tort (including negligence), or any other theory of liability, shall be subject to the exclusions and limitations of liability set out in the Agreement (Terms of Service). Any claim brought against Omegatheme or its affiliates under or in connection with this DPA shall be brought solely by the Controller entity that is a party to the Agreement.

18. Term and Termination

18.1 Term. This DPA:

  • Takes effect upon installation of an Omegatheme application;
  • Continues for the duration of the Services;
  • Supersedes any previous data processing terms.

18.2 Survival. The following sections survive termination:

  • Data deletion obligations (Section 10);
  • Confidentiality (Section 7);
  • Liability provisions (Section 17);
  • Any terms that by nature should survive.

18.3 Termination. Termination of this DPA shall be governed by the termination provisions in the Terms of Service (Section 11). Specifically:

  • For breach of terms, security risks, or legal requirements: Immediate termination without prior notice;
  • For termination without cause: 30 days' written notice as specified in Terms of Service Section 11.3.2.

Upon termination, data deletion obligations in Section 10 of this DPA shall apply.

19. Miscellaneous

19.1 Governing Law. This DPA shall be governed by the laws of Vietnam, without regard to its conflict of law principles.

19.2 Jurisdiction. Any dispute arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the competent courts of Vietnam.

19.3 Modification. Omegatheme will provide 30 days advance notice for any material changes to this DPA via email or dashboard notification. Non-material changes (such as clarifications, typo corrections, or formatting updates) may be made without advance notice. Material changes require Your acceptance through continued use of the Services after the notice period. If You do not agree to the modified DPA, You must discontinue use of the Services before the effective date of the changes.

19.4 Links to Other Websites. Our Service may contain links to third-party websites or Services that are not owned or controlled by Omegatheme. Omegatheme has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party websites or Services.

19.5 Order of Precedence. For matters related to data protection and privacy, the following order of precedence shall apply:

  • Mandatory provisions of applicable data protection law (including GDPR);
  • This DPA;
  • Terms of Service (for data protection matters specifically addressed therein);
  • Any other agreement between the parties.

This order of precedence applies only to data protection matters. For all other matters, the order of precedence in Section 14.13 of the Terms of Service shall apply.

Contact

Công ty Cổ phần Phần mềm Cyber (Cyber Software Joint Stock Company)

No. 3, Alley 175/55 Lac Long Quan, Tay Ho Ward, Hanoi City, Vietnam

Business Registration No. / Tax Code (MST): 0109598571

Email: [email protected]

By installing an Omegatheme application, You acknowledge that You have read, understood, and agree to be bound by this Data Processing Agreement.

Get started

Get in touch with us. We're here to assist you.

Subscribe background

Subscribe to get our newest updates

Enter your email address below to get new notifications