This Data Processing Agreement (“DPA”) supplements the Krepling Pay Terms of Service and is made between the merchant (“Controller”) and Krepling Inc. (“Processor”). It governs the processing of personal data by Krepling on behalf of the Controller as required by applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
What This Means:
This agreement defines how we handle personal data on your behalf and ensures compliance with data privacy laws.
2. Definitions
Personal Data: Any information relating to an identifiable natural person.
Processing: Any action performed on personal data (e.g., storing, collecting, deleting).
Controller: You, the merchant, who determines how and why data is used.
Processor: Krepling, who processes data on your behalf.
Sub-processor: Third parties engaged by Krepling to assist with data processing.
What This Means:
These terms clarify the roles: you control the data, and we process it for you.
3. Purpose and Scope
Krepling agrees to:
Only process personal data for providing Krepling Pay services.
Follow the Controller’s instructions.
Not use data for its own purposes.
What This Means:
We only use your customers’ data to help you run your business. We don’t use it for ourselves.
4. Duration
This DPA remains in effect as long as Krepling processes personal data on behalf of the Controller under the Terms of Service.
What This Means:
This agreement applies for as long as you use Krepling Pay.
5. Controller Responsibilities
As the Controller, you agree to:
Provide lawful instructions to Krepling.
Ensure you have the right to share the data.
Comply with all relevant privacy regulations.
What This Means:
You’re responsible for making sure you collect and use data legally.
6. Processor Obligations
Krepling will:
Process data only under documented instructions.
Implement technical and organizational security measures.
Ensure staff access is limited and staff are properly trained.
Assist with compliance requests (e.g., data access, deletion).
Notify Controller of any data breach without undue delay.
What This Means:
We follow your instructions, secure the data, and help if a privacy issue arises.
7. Sub-processing
Krepling may use trusted Sub-processors such as:
Cloud hosting providers
Payment processors
Customer support platforms
We will:
Maintain a current list of Sub-processors.
Ensure Sub-processors comply with similar data protection obligations.
Notify you of changes with an option to object.
What This Means:
We may work with third parties, but they must also follow strong privacy rules.
9. Data Subject Rights
Krepling will support you in handling data subject requests including:
Right to access
Right to rectification
Right to erasure
Right to restrict or object to processing
Right to data portability
What This Means:
If your customers want to see or delete their data, we’ll help you respond.
10. Security Measures
Krepling maintains:
Encryption of data in transit and at rest
Role-based access controls
Regular security testing and auditing
What This Means:
We keep data safe using modern security practices.
11. Breach Notification
Krepling will:
Inform you of any confirmed data breach within 72 hours.
Provide details on the breach, impact, and remediation steps.
Support you in notifying regulators or affected individuals, if needed.
What This Means:
If a breach happens, we’ll let you know quickly and help manage the response.
12. Data Deletion or Return
Upon termination of services:
You may request return or deletion of all personal data.
Krepling will delete backup copies unless legally required to retain them.
What This Means:
When you stop using Krepling Pay, you can ask us to delete your data.
13. Audits
You have the right to request information or an audit of Krepling’s data processing practices.
Audits must be reasonable, scheduled in advance, and not disruptive.
What This Means:
You can review how we handle data, as long as it’s done reasonably.
14. Liability
Each party is liable for its own acts and omissions under this DPA. Krepling’s liability is limited as stated in the Terms of Service.
What This Means:
We’re each responsible for our own mistakes, but our liability has limits.
15. Contact Information
To exercise your rights or for questions regarding this DPA, contact: Email: privacy@krepling.com
What This Means:
You can contact our privacy team for anything related to data handling or your rights.