Payske Data Processing Amendment (DPA) between Payske inc (“Payske”) and the User (“User”)
1. Definitions and Interpretation
1.1. Data Protection Laws: Any applicable data protection or privacy laws, regulations, or guidance applicable to the processing of User Personal Data under this Addendum, including but not limited to the EU General Data Protection Regulation (“GDPR”).
1.2. User Personal Data: Any personal data provided by the User to Payske for the provision of services, including identification and contact data, and financial information as detailed in Annex A.
2. Data Processing
2.1. Purpose of Processing: Payske will process User Personal Data solely for the purpose of providing the services, including data synchronization between payment processors and accounting, and as necessary to comply with the User’s instructions and applicable Data Protection Laws.
2.2. Third-Party Transfers: Payske may transfer User Personal Data to third-party service providers as necessary for providing the services, under terms ensuring the privacy and security of the data as detailed in Annex B.
3. Data Security
3.1. Security Measures: Payske will implement appropriate technical and organizational measures to protect User Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
4. Subprocessing
4.1. Approval of Subprocessors: The User agrees to the engagement of third-party subprocessors by Payske for the provision of the services.
4.2. Subprocessor Obligations: Payske will ensure that any subprocessors are subject to contractual obligations regarding data protection and security that are no less onerous than those set out in this Addendum.
5. User Rights
5.1. Data Subject Rights: Users have rights to access, rectify, erase User Personal Data, and restrict or object to the processing of their Personal Data in accordance with applicable Data Protection Laws.
6. Breach Notification
6.1. Notification Obligations: Payske will notify the User without undue delay upon becoming aware of any unauthorized or unlawful data processing or breach of User Personal Data.
7. Data Deletion
7.1. Deletion upon Termination: Upon termination of the Agreement, Payske will securely delete or return all User Personal Data within 30 days, unless retention is mandated by applicable laws.
8. Governing Law
8.1. Jurisdiction: This Addendum shall be governed by and construed in accordance with the laws of The United States of America, without giving effect to any choice or conflict of law provision or rule.
9. Changes to this Addendum
9.1. Amendments: Payske may update or modify this Addendum from time to time to reflect changes in applicable Data Protection Laws or in the services provided. The User will be notified of any material changes.
10. Annexes
Annex A: Details of Data Processing
1. Categories of Data Subjects
- Users: Individuals who have registered to use Payske services, including business clients.
- Client Customers: End customers of Payske’s business clients who have transacted through Stripe and whose data is processed for synchronization with Payske.
2. Categories of Personal Data
* Users:
- Identification and contact data: Name, email address, business contact details.
- Financial information: transaction history, Credit card details are not stored by the Service and cannot be accessed by Payske staff. Your credit card details are encrypted and securely stored by Stripe Payment Solution Providers to enable Payske to facilitate any payments you undertake.
* Client Customers:
- Identification and contact data: Name, address, email address, other contact details.
- Financial information: Payment details, transaction amounts, Credit card details are not stored by the Service and cannot be accessed by Payske staff. Your credit card details are encrypted and securely stored by Stripe Payment Solution Providers to enable Payske to facilitate any payments you undertake.
3. Sensitive Data Processed
- Payske does not intentionally collect or process sensitive personal data as defined by GDPR and other privacy regulations.
4. Frequency of Processing
- Continuous, as determined by the user interactions and automated synchronization tasks scheduled within Payske’s services.
5. Purpose of the Processing
- To provide data synchronization services between Stripe and Payske.
- To enhance user experience based on user activity and preferences.
- To comply with legal requirements and user instructions.
6. Duration of Processing and Period for which Personal Data Will Be Retained
- Personal data will be processed as long as necessary to provide the services to the user or as required by law.
- User Personal Data is deleted within 30 days of termination of the user’s account or earlier if requested by the user, unless extended retention is required by law.
Annex B: Payske Subprocessors
* The following third-party subprocessors are engaged by Payske to assist in providing its services. This list may be updated from time to time:
1. Amazon Web Services (AWS)
- Purpose: Cloud hosting provider for data storage and processing infrastructure.
- Location: Global data centers, with specific regions based on client location to comply with data sovereignty requirements.
2. Stripe
- Purpose: Payment processing services.
- Location: Global operations with data processing in multiple jurisdictions.
Stripe
When you provide personal data in connection with Payske, Stripe receives that personal data and processes it in accordance with Stripe’s Privacy Policy.
Our payment processor can obtain information from credit agencies to verify your identity. That information will be used for the purposes described in their Privacy Policy as Stripe’s Privacy Policy.
Contact Information
For any questions or concerns about this Addendum, please contact us at support@Payske.com.
