Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") is made between Veritysphere Pay ("Data Controller") and the
customer ("Data Processor"). It outlines the handling of personal data in relation to the services
provided by Veritysphere Pay via its payment solutions platform. By utilizing these services, the Data
Processor agrees to abide by the terms set forth in this Agreement.
Data Controller
Veritysphere Pay acts as the Data Controller, responsible for determining how and why personal data is
processed through its payment solutions services. As the Data Controller, Veritysphere Pay is committed to
processing all personal data in compliance with relevant data protection laws and regulations.
Data Processor
The customer, serving as the Data Processor, agrees to process personal data on behalf of Veritysphere Pay
strictly following the instructions provided by the Data Controller. The Data Processor is prohibited
from using the personal data for any purpose other than fulfilling the services defined in this
Agreement.
Personal Data
Personal data includes any information that can directly or indirectly identify an individual, such as
names, addresses, email addresses, payment details, and other data classified as personal under
applicable laws. Both parties agree to handle personal data with the highest level of care and
confidentiality.
Processing Activities
The Data Processor is tasked with specific data processing activities as directed by the Data Controller,
such as collecting, storing, organizing, modifying, retrieving, using, sharing, or deleting personal
data. The Data Processor must follow the Data Controller's instructions and adhere to principles of data
minimization and limitation of purpose.
Data Security Measures
The Data Processor must implement and maintain appropriate technical and organizational measures to
protect personal data from unauthorized access, alteration, disclosure, or destruction. These security
measures must align with industry standards and include encryption, secure storage, access control
mechanisms, and regular security assessments.
Confidentiality
The Data Processor will ensure that all personnel involved in handling personal data are bound by
confidentiality agreements and are aware of the importance of safeguarding personal information.
Personal data may only be shared with third parties upon the Data Controller's approval, and such
disclosures must be conducted securely.
Data Subject Rights
Both the Data Controller and Data Processor recognize the rights of data subjects under applicable data
protection regulations, which may include rights to access, rectify, erase, restrict processing, request
data portability, or object to processing. The Data Processor must assist the Data Controller in
addressing these requests promptly.
Data Breach Response
In the event of a data breach, the Data Processor is required to immediately notify the Data Controller
upon discovering the breach. This notification should include details of the incident, its potential
effects, and actions taken to mitigate the issue. The Data Controller will decide the appropriate steps,
which may involve notifying affected individuals or regulatory authorities as necessary.
Subprocessing
The Data Processor may engage third-party sub processors to assist with data processing, but only with
prior written approval from the Data Controller. The Data Processor must ensure that any sub processors
are held to the same data protection obligations outlined in this Agreement and will remain fully
accountable for their actions.
