Data Processing Addendum (DPA)

1. Purpose of this Addendum

This DPA sets out the obligations of both parties regarding the processing of personal data in connection with the Omnika platform.

It ensures compliance with applicable data protection laws across Southeast Asia, including:

• Singapore Personal Data Protection Act (PDPA)
  
• Thailand Personal Data Protection Act (PDPA)
  
• Malaysia Personal Data Protection Act
  
• Indonesia Personal Data Protection Law (UU PDP)
  
• Vietnam Personal Data Protection Decree 13
  
• Philippines Data Privacy Act of 2012
  

This DPA applies whenever Omnika processes personal data on behalf of the Customer.

2. Definitions

For the purposes of this DPA:

Personal Data

Any information relating to an identified or identifiable natural person.

Processing

Any operation performed on personal data including collection, storage, use, disclosure, or deletion.

Controller

The party determining the purpose and means of processing personal data.

In most cases, the Customer is the Controller.

Processor

The party processing personal data on behalf of the Controller.

In this case, MGV Digital Pte Ltd (Omnika) acts as the Processor.

Data Subject

An individual whose personal data is processed.

3. Scope of Processing

Omnika processes personal data only for the purpose of providing the Omnika SaaS platform, including:

• ecommerce marketplace integrations
  
• operational dashboards
  
• analytics and reporting
  
• inventory and order data processing
  
• automated alerts and insights
  
• customer and order data analysis
  

The categories of personal data processed may include:

• customer names
  
• shipping addresses
  
• phone numbers
  
• email addresses
  
• order information
  
• transaction details
  
• product and inventory data
  
• user account credentials
  

The categories of data subjects may include:

• ecommerce customers
  
• merchants
  
• marketplace users
  
• employees or staff of the Customer using the platform.
  

4. Roles and Responsibilities

4.1 Customer Responsibilities

The Customer represents and warrants that:

1. It has the legal right to collect and process personal data.
   
2. It has provided all required privacy notices to data subjects.
   
3. It has obtained any necessary consent required by applicable laws.
   
4. It will comply with all applicable data protection laws.
   

The Customer remains responsible for determining:

• what data is processed
  
• why the data is processed
  
• how long data should be retained.
  

4.2 Omnika Responsibilities

MGV Digital Pte Ltd agrees to:

1. Process personal data only in accordance with Customer instructions.
   
2. Maintain appropriate technical and organizational security measures.
   
3. Ensure employees and contractors handling personal data are bound by confidentiality obligations.
   
4. Assist Customers in complying with applicable data protection laws where reasonably possible.
   

5. Data Processing Instructions

Omnika shall process personal data solely:

• to provide the Omnika platform
  
• to maintain and improve the service
  
• to support integrations with marketplaces
  
• to generate analytics and operational insights.
  

Omnika will not process personal data for unrelated purposes without Customer authorization.

6. Security Measures

MGV implements industry-standard security measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction.

These measures include but are not limited to:

• encrypted HTTPS connections
  
• secure cloud infrastructure
  
• role-based access control
  
• authentication systems
  
• audit logging
  
• data backup and disaster recovery
  
• vulnerability monitoring and patching.
  

Security measures are periodically reviewed and updated in accordance with industry best practices.

7. Subprocessors

Omnika may use trusted subprocessors to deliver the platform, including:

• cloud infrastructure providers
  
• hosting providers
  
• analytics services
  
• monitoring and security platforms.
  

MGV ensures that subprocessors:

• are contractually bound to protect personal data
  
• process personal data only for the purposes specified by Omnika.
  

A current list of subprocessors may be made available upon request.

8. International Data Transfers

Personal data processed through Omnika may be transferred to or stored in data centers located outside the Customer’s country.

These transfers may occur within or outside the following jurisdictions:

• Singapore
  
• Thailand
  
• Malaysia
  
• Indonesia
  
• Vietnam
  
• Philippines
  
• other jurisdictions where Omnika infrastructure operates.
  

MGV ensures that appropriate safeguards are implemented for cross-border transfers in accordance with applicable laws.

9. Data Subject Rights

Where required by applicable law, Omnika will reasonably assist Customers in responding to requests from data subjects, including requests to:

• access personal data
  
• correct inaccurate data
  
• delete personal data
  
• restrict processing
  
• withdraw consent where applicable.
  

Customers remain responsible for responding to such requests.

10. Data Retention and Deletion

Omnika will retain personal data only for as long as necessary to:

• provide the Service
  
• comply with legal obligations
  
• maintain system integrity and security.
  

Upon termination of the Customer account:

• data may be deleted or anonymized according to Omnika’s retention policies
  
• Customers may request data export prior to deletion where technically feasible.
  

11. Data Breach Notification

In the event of a confirmed personal data breach, Omnika will:

1. notify the Customer without undue delay
   
2. provide available information about the nature of the breach
   
3. cooperate with reasonable investigations.
   

Customers remain responsible for determining whether notification to authorities or individuals is required under applicable laws.

12. Compliance with Regional Data Protection Laws

This DPA is intended to support compliance with the following regional regulations:

Singapore

Personal Data Protection Act (PDPA)

Thailand

Personal Data Protection Act B.E. 2562

Malaysia

Personal Data Protection Act 2010

Indonesia

Personal Data Protection Law (UU PDP)

Vietnam

Decree No. 13/2023/ND-CP on Personal Data Protection

Philippines

Data Privacy Act of 2012

Where local laws impose stricter obligations, the parties agree to comply with those requirements.

13. Audits and Compliance Verification

Upon reasonable request, Omnika may provide documentation demonstrating compliance with applicable data protection requirements.

Any audit must:

• be conducted with reasonable notice
  
• not disrupt Omnika operations
  
• protect confidential information.
  

14. Liability

Each party’s liability under this DPA is subject to the limitation of liability provisions in the Omnika Terms and Conditions, unless otherwise required by applicable law.

15. Updates to this Addendum

MGV may update this Data Processing Addendum from time to time to reflect:

• regulatory updates
  
• operational changes
  
• improvements to security practices.
  

Updated versions will be published on the Omnika website.

16. Governing Law

This Data Processing Addendum shall be governed by the laws of Singapore, and any disputes shall fall under the exclusive jurisdiction of the courts of Singapore.

17. Contact

For questions related to data protection or this DPA:

MGV Digital Pte. Ltd.

Singapore

Email: admin@mgv.digital