Plain-English summary
Standard EU-shaped DPA. We act as Processor for the personal data you upload; you remain the Controller. Sub-processors disclosed up front, SCCs in place where needed.
Data Processing Agreement
Last reviewed 2026-05-01 · version 1.0
Parties
Between the Customer ("Controller") and Wemalo GmbH ("Processor"), for processing of personal data described in Annex 1.
1. Subject and duration
The Processor processes personal data on behalf of the Controller strictly to provide the Wemalo Cloud Service per the underlying [Terms of Service](/legal/terms). This DPA applies for the duration of the Service agreement and survives termination for the period required to delete Customer Data.
2. Nature and purpose of processing
To operate the Service, including storage, backup, security, support, and incident response.
3. Categories of data subjects + data
See Annex 1. Typically: warehouse staff, customer service users, end customers whose orders are processed via the Service.
4. Obligations of the Processor
- Process personal data only on documented instructions from the Controller (using the Service is itself such an instruction).
- Ensure persons authorised to process the data are bound by confidentiality.
- Implement appropriate technical and organisational measures — detailed in our [Security posture](/security).
- Engage sub-processors only with prior authorisation; current list at [/legal/subprocessors](/legal/subprocessors). We give 30 days' notice before adding a new sub-processor; you may object in writing.
- Assist the Controller in responding to data-subject requests.
- Make available all information necessary to demonstrate compliance.
- Notify the Controller of personal data breaches without undue delay (target: within 24 hours of detection).
5. International transfers
Where transfers outside the EEA occur, the relevant Standard Contractual Clauses (Module 2 or 3 as applicable) are incorporated by reference, with the optional clauses appropriate for the sub-processor in question.
6. Return or deletion of personal data
On termination of the Service agreement, the Processor returns or deletes all personal data within 30 days, unless retention is required by EU or member-state law (in which case the data remains encrypted and inaccessible until lawful deletion).
7. Audits
The Controller may audit the Processor's compliance with this DPA on reasonable advance notice, no more than once per twelve-month period unless triggered by a notified incident. Where the Processor can satisfy the request with an existing third-party audit report (ISO 27001, SOC 2, etc.), that is preferred.
Annex 1 — processing details
- Subject: provision of the Wemalo Cloud Service
- Duration: term of the Service agreement
- Nature: storage, structured database operations, transfer to configured sub-processors (carriers, channels, AI)
- Purpose: operate the WMS for the Controller
- Categories of data subjects: warehouse staff, customer service operators, end customers
- Categories of personal data: name, email, phone, postal address, order identifiers, shipping addresses, IP and device data
A signed copy of this DPA in PDF is available on request from [legal@wemalo.com](mailto:legal@wemalo.com).