Refer a fellow business and get a flat 10% discount
Effective Date: 1st March 2025
Last Updated: 27th September 2025
This Data Processing Agreement (“DPA“) forms part of the Terms of Service between:
The Boomimart customer (store owner) who uses the Boomimart platform to collect, store, or process personal data of their customers.
No. 348/8A1 East Coast Road, By pass, Kottakuppam, Tamil Nadu 605104.
Email: info@boomimart.com
DPO: Raj Thilak – rajthilak@boomimart.com
Boomimart processes Personal Data on behalf of the Controller for the following purposes:
This DPA applies for the duration that the Controller uses Boomimart services and until all Personal Data has been deleted or returned.
The Data Processor may process the following types of Personal Data:
Boomimart agrees to:
Boomimart uses third-party subprocessors to deliver its services (e.g. cloud hosting, payment, communication, analytics). The current list includes (but is not limited to):
Controller consents to the use of these subprocessors. Boomimart will notify the Controller of any changes and ensure that all subprocessors comply with GDPR.
Boomimart may transfer Personal Data outside the EEA. Such transfers shall only occur where:
Boomimart ensures appropriate safeguards for all such transfers.
Boomimart shall assist the Controller in:
The Controller may audit Boomimart’s compliance with this DPA:
Boomimart will provide necessary documentation to demonstrate compliance.
In the event of a Personal Data breach, Boomimart shall:
Upon termination of services:
This DPA shall be governed by the laws of India.
Any disputes shall be resolved in the courts of Pondicherry, India.
Below is a list of third-party subprocessors that Boomimart engages to process personal data on behalf of its customers (Controllers). Each subprocess is GDPR-compliant and bound by a data processing agreement.
Subprocessor | Service Provided | Data Location | Type of Data Processed |
---|---|---|---|
Amazon Web Services (AWS) | Cloud hosting, storage | Europe (Frankfurt), USA, India | All platform and customer data |
Google Cloud Platform | Cloud services, backups | Europe / USA | App and dashboard data |
Firebase (Google) | Real-time database, crash reports | USA | User data, device info, logs |
Stripe / Razorpay | Payment gateway | USA / India | Payment transaction metadata (not card details) |
SendGrid / Twilio / Interakt / Meta | Email, WhatsApp and SMS communication | USA / Global | Contact info, messages, alerts |
Google Analytics | Website usage analytics | USA / Global | IP addresses, browser info, behavior data |
Hotjar / Microsoft Clarity (if used) | User interaction analytics | Europe / USA | Session data, clicks, heatmaps |
Zoho / Freshdesk (if used) | Customer support & ticketing | India / USA | Support tickets, customer communication |
Note: Boomimart monitors subprocessors to ensure GDPR compliance. Controllers will be notified of any new subprocessors.
Boomimart implements the following security measures to protect Personal Data in accordance with Article 32 of the GDPR: