Data Processing Agreement

Issued by Krepling Inc.

Effective Date: 20th June 2025

1. Introduction

This Data Processing Agreement (“DPA”) supplements the Krepling Pay Terms of Service and is made between the merchant (“Controller”) and Krepling Inc. (“Processor”). It governs the processing of personal data by Krepling on behalf of the Controller as required by applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

What This Means:

This agreement defines how we handle personal data on your behalf and ensures compliance with data privacy laws.

2. Definitions

  • Personal Data: Any information relating to an identifiable natural person.

  • Processing: Any action performed on personal data (e.g., storing, collecting, deleting).

  • Controller: You, the merchant, who determines how and why data is used.

  • Processor: Krepling, who processes data on your behalf.

  • Sub-processor: Third parties engaged by Krepling to assist with data processing.

What This Means:

These terms clarify the roles: you control the data, and we process it for you.

3. Purpose and Scope

Krepling agrees to:

  • Only process personal data for providing Krepling Pay services.

  • Follow the Controller’s instructions.

  • Not use data for its own purposes.

What This Means:

We only use your customers’ data to help you run your business. We don’t use it for ourselves.

4. Duration

This DPA remains in effect as long as Krepling processes personal data on behalf of the Controller under the Terms of Service.

What This Means:

This agreement applies for as long as you use Krepling Pay.

5. Controller Responsibilities

As the Controller, you agree to:

  • Provide lawful instructions to Krepling.

  • Ensure you have the right to share the data.

  • Comply with all relevant privacy regulations.

What This Means:

You’re responsible for making sure you collect and use data legally.

6. Processor Obligations

Krepling will:

  • Process data only under documented instructions.

  • Implement technical and organizational security measures.

  • Ensure staff access is limited and staff are properly trained.

  • Assist with compliance requests (e.g., data access, deletion).

  • Notify Controller of any data breach without undue delay.

What This Means:

We follow your instructions, secure the data, and help if a privacy issue arises.

7. Sub-processing

Krepling may use trusted Sub-processors such as:

  • Cloud hosting providers

  • Payment processors

  • Customer support platforms

We will:

  • Maintain a current list of Sub-processors.

  • Ensure Sub-processors comply with similar data protection obligations.

  • Notify you of changes with an option to object.

What This Means:

We may work with third parties, but they must also follow strong privacy rules.

9. Data Subject Rights

Krepling will support you in handling data subject requests, including:

  • Right to access

  • Right to rectification

  • Right to erasure

  • Right to restrict or object to processing

  • Right to data portability

What This Means:

If your customers want to see or delete their data, we’ll help you respond.

10. Security Measures

Krepling maintains:

  • Encryption of data in transit and at rest

  • Role-based access controls

  • Regular security testing and auditing

What This Means:

We keep data safe using modern security practices.

11. Breach Notification

Krepling will:

  • Inform you of any confirmed data breach within 72 hours.

  • Provide details on the breach, impact, and remediation steps.

  • Support you in notifying regulators or affected individuals, if needed.

What This Means:

If a breach happens, we’ll let you know quickly and help manage the response.

12. Data Deletion or Return

Upon termination of services:

  • You may request return or deletion of all personal data.

  • Krepling will delete backup copies unless legally required to retain them.

What This Means:

When you stop using Krepling Pay, you can ask us to delete your data.

13. Audits

  • You have the right to request information or an audit of Krepling’s data processing practices.

  • Audits must be reasonable, scheduled in advance, and not disruptive.

What This Means:

You can review how we handle data, as long as it’s done reasonably.

14. Liability

Each party is liable for its own acts and omissions under this DPA. Krepling’s liability is limited as stated in the Terms of Service.

What This Means:

We’re each responsible for our own mistakes, but our liability has limits.

15. Contact Information

To exercise your rights or for questions regarding this DPA, contact:
Email: privacy@krepling.com

What This Means:

You can contact our privacy team for anything related to data handling or your rights.