Data Processing Agreement (DPA)
A legal disclaimer effective 10 July
This section outlines the terms under which PentaPay processes personal data on behalf of users who are data controllers.
1. Scope
-
PentaPay processes personal data solely for the purpose of providing its Services as instructed by the user (controller).
2. Categories of Data Subjects
-
Business owners, employees, and customers using PentaPay
3. Nature and Purpose of Processing
-
Transaction management, credit scoring, analytics, user verification, and communications
4. Obligations of PentaPay (Processor)
-
PentaPay shall:
-
Process data only on documented instructions from the controller
-
Ensure confidentiality, integrity, and availability of data
-
Assist the controller with data subject rights requests
-
Notify the controller of any data breach without undue delay
-
Provide audit reports or enable controller audits upon request
5. Sub-processors
-
PentaPay may engage third-party sub-processors (e.g., cloud hosting, payment providers) and shall ensure they comply with equivalent data protection obligations.
6. Data Transfers
Where data is transferred internationally, PentaPay ensures adequate safeguards in compliance with data protection laws.
7. Termination
Upon termination of services, PentaPay will delete or return personal data to the controller unless required by law to retain it.
8. Governing Law
-
These Terms are governed by the laws of the United States of America. Disputes shall be resolved in the courts of Delaware.
9. Contact
For any questions or legal concerns, contact: legal@pentapay.africa, www.pentapay.africa