IDT S.p.A., having its registered office in Via Varallo 24/b (Turin), C.F.-P.IVA 10010450012 hereby represented by its pro tempore legal representative (hereinafter, “IDT”), created and is the owner of a website for online sale of products and for the supply of the dropshipping service, whose domain is www.bdroppy.com (hereinafter “DB Main Domain”) IDT wants to offer users regularly registered on the DB Main Domain (hereinafter, “User”), under regular price payment (hereinafter, “Price”), a membership service giving the User the opportunity to sell online IDT products supplied in dropshipping (hereinafter, the “Service”) listed in the catalogue (hereinafter, the “Catalogue”) through the user’s online shop (therefore provided with xls, csv, xml or json files for the extrapolation of the product catalog data, or through plugins, where present, for the automatic exchange of catalog and order data) or through a ready-to-use e-commerce with domain owned by the User created by IDT and integrated with the dropshipping service provided by the latter (hereinafter “User Domain”).
In light of the above,
The Dropshipping service can be activated according to the plans and rates which can be consulted in the Plans&Prices section within the BDroppy dashboard for Dropshipping plans or in the “Turnkey Site” section
The cost of the service is not refundable, in accordance with the EU Directive on consumer rights
The activation of the service takes place within 24 hours of receipt of payment.
The User can pay for the service by credit card (Stripe).
Depending on the plan chosen, the service will have a duration of 1 or 12 months in the case of a Dropshipping plan, 12 months in case of purchase of the turnkey website.
The user can modify the Dropshipping plan or deactivate the renewal of the subscription by contacting customer service
Once one of the Dropshipping plans proposed for the type of service requested is activated, the User can select the products for one or more lists, consequently integrate them into the selected channel (s) or download the files in the desired format: (XLSX, CSV, XML, or JSON) in the “Manage import lists” area.
Product code (SKU) Barcode Made in Available stock Category Season Gender
Description in 20 languages (Italian, English, French, German, Spanish, Romanian, Portuguese, Polish, Dutch, Slovak, Hungarian, Swedish, Estonian, Czech, Finnish, Danish, Bulgarian, Lithuanian and Greek) Volumetric weight Link to 3 product photos Italian retail price (VAT included) Selling price (VAT excluded) Suggested price (VAT included) The price of the products is the same as the one in the “Search products” section of BDroppy under Cost (VAT excluded). Bdroppy.com does not retain any percentage on the sale of the products.
In order to protect the collaboration with the different brands, Bdroppy recommends selling prices (suggested_price) available in the different formats provided (xlsx, csv, xml and json) and suggests not to drop below 30% of net margin. IDT provides advertising material useful for sponsoring the products on sale, however the use of a logo or registered trademark is prohibited without the authorization of the owner of the trademark itself. It is understood that IDT cannot be held responsible for any incorrect use of these logos, symbols, brands or other distinctive signs by the User. Technical management is entirely entrusted to the User. IDT provides assistance within 48h via e-mail, ticket and chat for information and problems related to the service offered. For assistance with the plugins, the user will be required to provide complete access information (admin and ftp) to carry out a correct diagnosis and resolution of the verified problems. In the event that interventions are requested to the BDroppy staff, for example installation and setting of the plugins or resolutions of problems not related to the operation of the plugins provided by BDroppy or in general of functions not included in the BDroppy offer, the user will be requested a payment of 199 € for extra intervention required. In the case of a free role and therefore in the absence of subscription to a dropshipping plan or in the absence of renewal of one of the subscription services of your choice, the previously selected catalogues will be removed within 72h of the creation of the catalogue/expiration of the service.
If the plan chosen is the one with only the download of the file, the user can place orders on Bdroppy in manual mode. In case of choice of plans connected to one or more specific channels, the transmission of orders from the user e-shop to Bdroppy will take place automatically via Plugin. The User agrees to place the order on Bdroppy, only once the purchase has been made and confirmed by his/her end users on his/her e-shop. This order is considered in a “booked” status and awaiting payment. Any changes/cancellations are accepted only if the order is in the “booked” status. Once the receipt of the payment has been confirmed, the order is processed and passed on to the logistics processing, therefore it is no longer possible to make changes/cancellations. In the event that the shipment should return to sender, for an incorrect address or for non-acceptance by the end user, a credit note will be provided and consequent credit net of shipping costs.
With Bdroppy’s Dropshipping service, the User can choose whether to:
*IDT delivers the products directly to the end customer in the countries and at the costs indicated in the “Shipping fees” section inside the Dashboard. Packages sent to the end customer do not contain any reference to Bdroppy.com. For all non-EU countries to which IDT does not provide shipments to the end customer, orders must be cumulative and reach a minimum of 1,000 €. The User can request quotes with IDT courier or organize the collection with his/her own courier. Shipping costs are always to be paid by the User. For shipments to non-EU countries, customs duties and charges may apply depending on the regulations of the country of destination of the goods. The User is invited to contact their local customs office for further information.
Once the end customer has purchased the product on the User’s e-shop, the User must then create the order (or the order will be automatically generated) on the BDroppy platform, by entering his/her billing information and the shipping details of the end customer (or another address where he/she wishes to receive the goods). If payment is not made within 24 hours, then the order expires.
Orders can be paid by credit card (Stripe) or Paypal. The order will be automatically confirmed in case of existing credit on the User’s profile. If the credit does not cover the entire cost of the order, then the payment of the missing amount will be required. An invoice is issued for any payment made, both for single order or for multiple orders, the User can download it from his/her profile page. For Italian customers: the electronic invoice will be duly sent to the SDI who will arrange for it to be delivered to your electronic inbox (certified e-mail address or recipient code). Invoices are also available on the User’s BDroppy profile, yet they are not valid for tax purposes.
The User can request a return within 20 days of receiving the order, for the following reasons: if he/she dislikes the product; if the product is too big/small, damaged, does not correspond to the product ordered, or if it is not actually in the package, etc. To start the return request, it is necessary to follow these instructions:
IDT reserves the right not to refund in the following cases:
The shipping, return costs and customs duties are to be paid by the User unless otherwise instructed. Also in the case of damaged or non-compliant products, a return request must be made as indicated above. The damage must be described in detail and photos must be attached demonstrating its extent within and no later than 20 days from receipt of the order. Please send all details to the appropriate contact form. The refund is issued in the form of a credit loaded on the User’s profile within a maximum of 10 working days of receipt of the product and is visible at the bottom of the profile page of your account. The credit is automatically deducted when a new order is placed. The credit is available for 2 years following the issuance of the credit note. Bdroppy does not exchange goods. It is necessary to make a return request for the product that the User wishes to return and create a new order deducting any credit charged on the User’s profile.
In addition to the features already listed in the Dropshipping service included in each Turnkey Site plan:
The hosting provided by IDT S.p.A. through third parties includes: BASIC plan
Amazon Web Service Hosting (Recommended for up to 1,000 products) RAM: 512MB / Transfer: 1 TB)
Amazon Web Service Hosting (Recommended for up to 5,000 products) RAM: 1GB /Transfer: 2 TB
Amazon Web Service Hosting (Recommended for up to 5,000 products) RAM: 4GB / Transfer: 4TB Included domain (extensions .com, .net, .business, .us) 1 basic mailbox included
The products are divided into product categories, the site is provided with the entire catalogue available on BDroppy.com, the user can subsequently modify and customize his/her offer.
Following the purchase of one of the offered plans, the User will receive by e-mail the request to fill out a form with the request of the following information in order to be able to start processing the User’s site:
DROPPYFILE – File download (xlsx, csv, xml, json): 69€/month – 690€/year
DROPPYPRO – 1 integration (1 list and 1 channel to be chosen among Woocommerce, Prestashop, Amazon, Ebay ): 99€ /month – 990€/year
DROPPYPLUS – 3 integrations (3 lists and 3 channels to be chosen among Woocommerce, Prestashop, Amazon, Ebay): 159€ /month – 1590€/year
Turnkey Website – BASIC plan: 690€/year
Turnkey Website – PRO plan: 1090€/year
Turnkey Website – ENTERPRISE plan: 1990€/year
The Client – the Controller –
IDT S.p.A., with its registered office in Torino, via Varallo 24/b, C.F. – P.IVA 10010450012 – the Processor
1.1. The Processor will carry out the following activities: management of shipments to the addresses communicated by and on behalf of the Controller. 1.2. The duration of this appointment is equal to the duration of the main contract. 1.4. The categories of processed personal data are the following: fundamental personal data contact details contractual data purchase history billing and payment information and accounting data others: …………………………………………….. [specify] 1.4. The personal data collected and processed relate to: customers potential customers subscribers employees and partners officers agents and representatives contact point people others …………………………………………….. [specify]
2.1. The operations of data process regulated by the present appointment contract will be carried out within the European Union (EU) or the European Economic Area (EEA). Any data transfer to a third country outside the EU or the EEA is subjected to prior written authorization by the Controller and can occur only according to specific conditions set out under articles 44 et seq. GDPR
2.2. The legal basis for the transfer under the GDPR are: an adequacy decision by the European Commission (art. 45 par. 3) binding corporate rules (art. 46 par. 2 point b) and art. 47) standard data protection clauses (art. 46 par. 2 points c) and d)) codes of conduct (art. 46 par. 2 point e) and art. 40) a certification mechanism (art. 46 par. 2 point f) and art. 42) others: …………………………………………….. (art. 46 par. 2 point a), par. 3 points a) and b))
3.1. The Processor ensures the security of processing pursuant to articles 28 par. 3 point c) and 32 GDPR, in particular pursuant to article 5 paragraphs 1 and 2 GDPR. Such measures must ensure the security of data and a level of protection appropriate to the risk for confidentiality, integrity, availability and resilience of the systems. Pursuant to article 32 par. 1 GDPR, the state of the art, implementation costs, nature, object and purposes of processing, as well as the probability of a violation of personal data and the seriousness of the risks potentially deriving from it to natural persons’ rights and freedom, should all be taken into account.
3.2. The technical and organisational measures are subjected to technical and technological development and progress. Therefore, the Processor may adopt alternative measures adequate to the changed technological context. In such cases, the level of processing security cannot be reduced. Any substantial modification must be documented.
4.1. The Processor cannot, rectify, erase or restrict the processing of the data assigned by the Controller on his own initiative, but only upon documented instruction by the Controller.
4.2. Should a data subject contact directly the Processor with regard to a question of processing rectification, erasure or restriction, the Processor shall forward such a request immediately to the Controller. The erasure, rectification, portability and access requests shall be processed without undue delay on the basis of the Controller’s documented instructions.
In addition to the provisions of the present contract, the Processor is bound to respect all legal requirements outlined in articles 28-33 GDPR. To this end, the Processor ensures to comply in particular with the following conditions: Appointment of a Processor for the Protection of Personal Data (Data Protection Officer, DPO) The current DPO is: Ida Tafuri The Processor will communicate without undue delay every DPO change to the Controller. Confidentiality The processing activity regulated by this appointment contract will be carried out only by employees, partners or appointed people previously instructed by the Processor on the correct processing of personal data and contractually bound by the obligation of confidentiality under articles 28 par. 3(b) and 32 GDPR. The Processor, as well as any other person under his authority and able to access to personal data, shall not process personal data unless instructed to do so by the Controller, not even through the present appointment, unless expressly provided by the law. Technical and organizational measures Implementation and respect of adequate technical and organizational measures in the context of the present appointment contract, pursuant to what specified under article 32 GDPR. The Processor controls periodically the internal procedures and the technical and organizational measures to ensure that the processing within his competent area is compliant with the legal requirements under the discipline of the protection of personal data and data subjects’ rights. The Processor ensures to the Controller the verifiability of the technical and organizational measures among his supervisory powers as set out under point 7 of the present contract. Partnership with supervisory authorities The Controller and the Processor cooperate, under request, with the supervisory authority. The Controller is immediately informed of all inspections and the measures executed by the supervisory authority, in so far as they refer to activities carried out according to this contract. This is true also in case the Processor is subject to or involved in an investigation by a competent authority with regard to a violation of any provision relating to personal data processing occurred in activities pursuant to the present contract. In so far as the Controller is subject to investigation by the supervisory authority, administrative pecuniary sanctions, precautionary measures or criminal proceedings, claims by data subjects or by third parties, or any other legal actions relating to the data processing by the Processor pursuant to the present appointment, the Processo shall do everything possible to support the Controller.
6.1. the Processor may delegate part of processing activities regulated by the present contract to further Sub-processors, who shall be subject to the contractual obligations set out under article 28 par. 4 GDPR where provided by the law. 6.2. The Processor appoints from now the following Sub-processors, provided that contractual agreements complying with what required under article 28 par. 2-4 GDPR are concluded:
|2||DEUTSCHE POST GLOBAL MAIL||GERMANY||TRANSPORTS|
|3||BXB s.r.o.||CZECH REP.||TRANSPORTS|
|4||DHL supply chain SPA GLOBAL MAIL||ITALY||LOGISTICS|
|7||POSTE ITALIANE SpA||ITALY||TRANSPORTS|
|8||FEDEX EXPRESS ITALY S.R.L.||ITALY||TRANSPORTS|
6.3. The transfer of data to a Sub-processor may occur only upon satisfaction of all abovementioned conditions for Sub-processors appointment.
6.4. The Processor is integrally responsible for the appointed Sub-processors’ conduct. Any modification to the Sub-processors list must be communicated to the Controller without undue delay, giving the latter the right to object to it. In case of objection, the Processor has the right to withdraw from the contract with the Controller without prior notification.
6.5. In particular, should the Sub-processor work outside the EU/EEA, the Processor shall ensure with adequate means the respect of EU law on personal data protection, as described under point 2 of the present contract.
7.1. In coordination with the Processor, the Controller has the right to carry out inspections or have an auditor, instructed on each occasion, carry them out. The auditor shall have the right to assess the Processor’s compliance with the present appointment contract as far as it concerns his own entrepreneurial activities, by means of random checks, which shall be communicated in advance as a general rule.
7.2. The Processor shall allow the Controller to verify his compliance with his obligations, as set out in article 28 GDPR. Upon request, the Processor shall provide the Controller with any necessary information as well as, in particular, with evidence of the adoption of technical and organizational measures.
7.3. The evidence of the adoption of such measures, which may refer also to activities other than those falling within the scope of the present contract, may be provided also by means of compliance with approved codes of conduct pursuant to article 40 GDPR;L certifications issued according to an approved certification mechanism pursuant article 42 GDPR; current auditors’ certifications, reports or extracts of reports written by independent organs. (e.g. auditors, personal data protection officers, IT security department, data protection auditors) Adequate certifications issued by IT security or personal data protection auditors.
7.4. The Processor may charge the Controller a reasonable remuneration for the inspections execution.
8.1. The Processor shall assist the Controller in carrying out his obligations relating to the personal data security, in reporting data breaches, in the impact assessments on the data protection and in the pre-emptive consultations referred to in the articles from 32 to 36 GDPR, also ensuring adequate protection standards by means of technical and organizational measures, taking into account nature, circumstances and purposes of processing, probability of data breaches and of the seriousness of the risks deriving from it for natural persons ensuring the immediate detection of infringements reporting without undue delay any data breach to the Controller assisting the Controller in processing data subjects’ requests to exert their rights
8.2. The Processor may request a reasonable remuneration for the assistance services that are not included in the description of the services and that are not due to errors attributable to the Processor.
9.1. The Processor shall process no personal data pursuant to the present appointment if not under the Controller’s instruction, unless he is bound to do that under the law of the EU or of Member States.
9.2. Should the Controller ask for a modification of the personal data processing envisaged in the documented instructions pursuant to point 2, the Processor informs immediately the Controller if he considers that such modification could entail a violation of the provisions on data protection. The Processor may abstain from carrying out any activity that could result in such a violation.
10.1. Each party of the present contract undertakes to compensate the other for damages or expenses deriving from his own negligent non-compliance with the present contract, including any negligent non-compliance committed by his own legal representative, Subprocessors, employees or other agents. Furthermore, each party undertakes to indemnify the other from any claim by third parties deriving from or relating to any negligent violation committed by the other.
10.2. It remains unchanged the requirement under article 82 GDPR
11.1. The Processor does not create copies or duplicates of data unbeknownst to and without the Controller’s consent, except for security copies, in so far as they are necessary to ensure the ordered processing of data, as well as for the data whose storage is required by the law.
11.2. Upon the conclusion of the service supply, the Controller may choose to have the Processor erase or return all personal data collected and processed pursuant to the present appointment, in compliance with data protection, unless the applicable legal provisions do not require further conservation of personal data. In any case, the Processor may keep all information necessary to demonstrate the ordered and conformed execution of the processing activities also beyond the termination of the contract, in accordance with the storage period prescribed by the law.
11.3. The documents used to demonstrate an ordered processing of data pursuant to the appointment contract shall be stored by the Processor beyond the duration of the contract in compliance with the respective storage period. The Processor may give such documents to the Controller at the end of the duration of the contract to discharge himself from such contractual obligation.