top of page

Jewellink Data Processing Addendum


Effective date: 5/01/2026

This Data Processing Addendum ("DPA") supplements the Jewellink Master Terms of Service and applies to Jewellink's processing of personal information in Retailer Data.

1. Roles

For Retailer Customer Data, Retailer is the controller, business, or equivalent entity that determines the purposes and means of processing. Jewellink is the processor, service provider, contractor, or equivalent entity processing Retailer Customer Data on Retailer's behalf.

For Jewellink account administration, billing, security, usage analytics, product operations, and direct business relationships with Retailer personnel, Jewellink may act as an independent controller or business.

2. Processing Instructions

Retailer instructs Jewellink to process Retailer Data to provide, secure, support, maintain, analyze, and improve the Services, including CRM, sales analytics, messaging, training, AI features, mobile functionality, integrations, support, billing, fraud prevention, security, and compliance.

Retailer also instructs Jewellink to process Retailer Data through approved service providers and subprocessors as needed to provide the Services.

3. Retailer Responsibilities

Retailer is responsible for:

  • providing legally valid processing instructions;

  • giving all required notices to customers, employees, leads, and other individuals;

  • obtaining all required consents and authorizations;

  • owning or having sufficient rights to Retailer Data and obtaining all permissions, licenses, API rights, export rights, vendor approvals, and contractual rights required from POS providers, software vendors, data sources, systems, platforms, licensors, and other third parties to access, export, sync, transmit, import, and process Retailer Data through the Services;

  • providing, connecting, authorizing, maintaining, and updating the data sources, credentials, exports, files, feeds, APIs, integrations, mappings, and permissions needed to populate and operate the Services;

  • auditing, validating, reconciling, and correcting Retailer Data, integrations, imports, mappings, sync results, dashboards, reports, analytics, AI outputs, and customer records;

  • responding to privacy rights requests unless Jewellink is legally required to respond directly;

  • ensuring Retailer Data is accurate, lawful, and appropriate for the Services;

  • determining whether the Services are suitable for Retailer's legal obligations; and

  • ensuring Retailer does not submit prohibited or unsupported data.

Retailer will not instruct Jewellink to process data in violation of applicable law.

Jewellink is not responsible for inaccurate, incomplete, stale, unauthorized, or unlawfully supplied Retailer Data; POS vendor restrictions; source system limitations; mapping errors caused by source data or Retailer instructions; or Retailer's failure to maintain required third-party permissions, except to the extent caused by Jewellink's breach of its express obligations under the Agreement.

4. Categories of Data

Retailer Data may include:

  • customer and lead names, contact information, addresses, preferences, birthdays, anniversaries, household details, spouse or family references, notes, and relationship history;

  • sales, transaction, wishlist, appointment, form, inventory, product, associate, location, and POS data;

  • SMS, MMS, email, webchat, Messenger, Instagram, call, and conversation content and metadata;

  • training, course, roleplay, quiz, progress, performance, coaching, and user activity data;

  • uploaded files, images, videos, audio, transcripts, generated media, and product media;

  • connected account tokens, identifiers, and integration metadata;

  • device tokens and mobile app metadata; and

  • billing and subscription metadata, excluding full payment card numbers processed directly by payment processors.

Retailer must not submit, upload, import, sync, store, request, transmit, or otherwise process Prohibited Sensitive Data through the Services unless Jewellink has expressly authorized that processing in a written Order Form, addendum, or signed agreement.

Prohibited Sensitive Data includes social security numbers, full payment card numbers, CVV codes, bank account or routing numbers, consumer credit reports, credit scores, financing applications, loan applications, income information, protected health information, medical information, government identification numbers, driver's license numbers, passport numbers, biometric identifiers or biometric templates, account passwords, authentication credentials, children's data, and other highly sensitive or specially regulated information not expressly supported by the Services.

Retailer remains solely responsible for unauthorized submission of Prohibited Sensitive Data and for all legal obligations, notices, consents, deletion requests, breach notification duties, and claims arising from that unauthorized submission, except to the extent caused by Jewellink's breach of its express obligations under the Agreement.

5. Data Subjects

Data subjects may include Retailer's customers, leads, prospects, employees, contractors, authorized users, sales associates, administrators, vendors, and other individuals whose information is included in Retailer Data.

6. Subprocessors

Retailer authorizes Jewellink to use subprocessors to provide the Services. Jewellink will maintain a service provider and subprocessor list describing material subprocessors and their general processing purposes.

Jewellink may add, replace, or remove subprocessors from time to time. Where required by applicable law or a signed agreement, Jewellink will provide notice of material changes and an opportunity to object on reasonable data protection grounds.

Jewellink will impose commercially reasonable data protection obligations on subprocessors that process Retailer Customer Data.

7. CCPA Service Provider Terms

To the extent the California Consumer Privacy Act, as amended, applies, Jewellink will process personal information as a service provider or contractor for the business purposes described in the Agreement and this DPA.

Jewellink will not retain, use, or disclose personal information except:

  • to perform the Services;

  • for the business purposes described in the Agreement;

  • to retain and use subprocessors under written terms;

  • for internal use to build or improve the quality, safety, and security of the Services, provided Jewellink does not use the personal information to perform services for another business in a manner prohibited by law;

  • to create and use Aggregated Data and De-Identified Data;

  • to detect security incidents, protect against malicious or illegal activity, and enforce terms;

  • as otherwise permitted by applicable law; or

  • as instructed by Retailer.

Jewellink will not sell Retailer Customer Data or share Retailer Customer Data for cross-context behavioral advertising as those terms are defined by applicable California law.

8. Confidentiality and Personnel

Jewellink will ensure that personnel authorized to process Retailer Customer Data are subject to confidentiality obligations or professional obligations of confidentiality.

9. Security Measures

Jewellink will maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Retailer Customer Data in Jewellink's possession. These safeguards may include access controls, encryption in transit, encryption at rest where supported, credential protection, logging, environment separation, secret management, and incident response procedures.

Retailer acknowledges that security obligations are shared. Retailer remains responsible for Retailer Systems, Authorized Users, endpoint security, account permissions, passwords, OAuth grants, POS access, email accounts, social accounts, and consumer-facing practices.

10. Security Incidents

Jewellink will notify Retailer without undue delay after confirming a Security Incident affecting Retailer Customer Data in Jewellink's possession.

Notice may include, to the extent known and legally permitted, the nature of the incident, affected Services, categories of data involved, measures taken or planned, and information reasonably needed for Retailer to meet its legal obligations.

Unsuccessful access attempts, blocked attacks, scans, pings, denial-of-service attempts, spam, phishing attempts not resulting in compromise of Jewellink systems, and incidents caused by Retailer Systems or Authorized Users are not Security Incidents under this DPA.

"Retailer-Caused Security Incident" means any unauthorized access, disclosure, loss, alteration, unavailability, or compromise of Retailer Customer Data arising from or relating to Retailer Systems, Authorized Users, Retailer credentials, connected third-party accounts, POS systems, email accounts, social accounts, malware on Retailer devices, phishing or social engineering of Retailer personnel, misconfigured permissions, failure to offboard users, Retailer's instructions, Retailer's unlawful or unauthorized data collection, or Retailer's submission of Prohibited Sensitive Data.

Retailer is responsible for Retailer-Caused Security Incidents and for all resulting legal obligations, notices, investigations, forensics, remediation, credit monitoring, consumer support, regulatory responses, claims, fines, penalties, legal fees, settlements, judgments, and other expenses, except to the extent caused by Jewellink's breach of its express obligations under the Agreement. Retailer will reimburse Jewellink for reasonable costs Jewellink incurs in investigating, responding to, mitigating, defending, or assisting with a Retailer-Caused Security Incident.

11. Privacy Rights Requests

Jewellink will provide reasonable assistance to Retailer for data subject requests to the extent required by applicable law and technically feasible through the Services.

If Jewellink receives a request directly from an individual relating to Retailer Customer Data, Jewellink may refer the individual to Retailer unless Jewellink is legally required to respond.

12. Return and Deletion

Upon termination or written request, Jewellink will return or delete Retailer Customer Data as required by the Agreement, applicable law, and technical feasibility.

Retailer is responsible for using available self-service export, sync, API, reporting, or download tools before cancellation, expiration, suspension, termination, or deletion. Jewellink is not required to create custom exports, database dumps, migration files, schemas, transformation files, reports, message archives, usage logs, audit logs, metadata, derived data, analytics data, AI outputs, system data, deleted data, backup data, or third-party import formats unless expressly agreed in writing.

Jewellink is not responsible for migrating, syncing, mapping, transforming, formatting, transmitting, validating, or importing Retailer Customer Data into any third-party CRM, POS system, messaging platform, marketing platform, email platform, analytics tool, data warehouse, AI system, or other service.

Jewellink may retain data as necessary for legal, security, backup, audit, dispute, compliance, fraud prevention, billing, and legitimate business purposes. Jewellink may also retain Aggregated Data and De-Identified Data.

Deletion from backups may occur in accordance with Jewellink's normal backup lifecycle.

If Retailer is more than fifteen days late on any undisputed payment, Retailer instructs Jewellink that Jewellink may suspend, restrict, disable, terminate, or delete Retailer Customer Data ingested into the Services, subject to any retention Jewellink determines is necessary for legal, security, backup, audit, dispute, compliance, fraud prevention, billing, and legitimate business purposes.

13. Audits

Upon reasonable written request and no more than once annually unless required by law or following a confirmed Security Incident, Jewellink will provide information reasonably necessary to demonstrate compliance with this DPA.

Jewellink may satisfy audit requests through security summaries, questionnaires, third-party reports, certifications if available, or written responses. On-site audits require advance notice, reasonable scope, confidentiality, and reimbursement of Jewellink's reasonable costs unless prohibited by law.

14. International Transfers

Retailer authorizes Jewellink and its subprocessors to process Retailer Data in the United States and other jurisdictions where Jewellink or its service providers operate. Where legally required, the parties will use appropriate transfer mechanisms.

15. AI and Model Improvement

Jewellink may use Retailer Data to provide AI-enabled features to Retailer. Jewellink may use Usage Data, Aggregated Data, and De-Identified Data to improve and develop Jewellink services and AI features.

Jewellink will not use Retailer Customer Data containing personal information to train shared or generally available AI models unless Retailer expressly authorizes that use in writing.

16. Conflict

If this DPA conflicts with the Master Terms, this DPA controls for processing of Retailer Customer Data to the extent of the conflict.

© 2022 by Jewelery Sales Academy. All Rights Reserved  

  • Facebook
  • Instagram
  • Youtube
bottom of page