Features

News

FAQ

Resources

Get in touch

Data Processing Agreement

April, 2025

This Data Processing Agreement ("DPA") governs the processing of personal data by Fluidwave Technologies Ltd (“Fluid”, “we”, “us”, or “our”) in connection with the provision of its services to clients ("you", "Client") under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

This DPA is an extension of and forms part of the agreement between Fluid and the Client for the use of Fluid's Software-as-a-Service (SaaS) offerings.

1. Purpose and Scope

This DPA outlines the responsibilities of both parties where Fluid processes personal data on behalf of the Client. It applies when the Client is a Data Controller or Processor, and Fluid acts as a Data Processor or Sub-Processor, respectively.

Fluid will only process personal data as necessary to deliver its services in accordance with applicable laws and the Client's documented instructions.

2. Definitions

The terms “Controller”, “Processor”, “Sub-Processor”, “Personal Data”, and “Processing” shall have the meanings defined in Article 4 of the GDPR. Any other undefined capitalized terms refer to their meaning in the main agreement between the parties.

3. Roles and Responsibilities

3.1 Fluid’s Responsibilities

Fluid agrees to:

  • Process personal data only in accordance with the Client’s documented instructions.

  • Implement and maintain appropriate technical and organizational measures to safeguard personal data in line with GDPR Articles 32–36.

  • Ensure that all personnel authorized to process personal data are subject to confidentiality obligations.

  • Notify the Client without undue delay of any data breach affecting Client personal data.

  • Provide reasonable assistance for:

    • Data Subject rights requests (e.g., access, erasure)

    • Data Protection Impact Assessments (DPIAs)

    • Consultations with supervisory authorities

  • Only use Sub-Processors with the Client’s prior written authorization and ensure they are bound by equivalent data protection terms.

3.2 Client’s Responsibilities

The Client agrees to:

  • Ensure that its instructions to Fluid comply with applicable data protection laws.

  • Obtain all necessary consents or legal bases to process personal data using Fluid's services.

  • Remain the sole responsible party for the accuracy, legality, and lawfulness of personal data shared with Fluid.

4. Sub-Processing

Fluid may engage Sub-Processors to fulfill specific parts of the service. All Sub-Processors are contractually bound by data protection obligations no less stringent than those in this DPA.

  • An up-to-date list of Sub-Processors will be maintained and shared upon request.

  • Clients will be notified of any intended changes at least three (3) months in advance.

  • If the Client objects to a new Sub-Processor, Fluid reserves the right to terminate the services with one (1) month’s notice.

5. International Data Transfers

Fluid will not transfer personal data outside of the European Economic Area (EEA) unless:

  • The destination country offers an adequate level of data protection as determined by the European Commission, or

  • Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or an approved certification mechanism, and

  • The Client has been informed and given the opportunity to object.

6. Data Breach Notification

In the event of a personal data breach, Fluid shall:

  • Notify the Client without undue delay after becoming aware of the breach.

  • Provide details on:

    • Nature and scope of the breach

    • Categories and number of records affected

    • Likely consequences

    • Mitigation steps taken or planned

Fluid will assist the Client in meeting its obligations under Articles 33 and 34 of the GDPR.

7. Return or Deletion of Data

Upon termination of the service:

  • Fluid will, at the Client's written request, return or delete all personal data, unless retention is required by law.

  • Requests for data return must be made within seven (7) days of termination.

  • Reasonable administrative fees may apply for data extraction and return.

8. Audits

The Client may request an audit, not more than once every 12 months, to verify Fluid’s compliance with this DPA. Audits must:

  • Be performed by an independent and qualified third-party auditor

  • Be scheduled with at least five (5) business days’ prior written notice

  • Take place during normal business hours

  • Not unreasonably interfere with Fluid's operations

Fluid may redact proprietary or confidential business information not relevant to the audit.

9. Duration

This DPA remains in effect for as long as Fluid processes personal data on behalf of the Client. Obligations that survive termination (e.g., confidentiality, breach response) shall remain in force accordingly.

Contact

If you have any questions or require further information regarding this DPA, please contact:

Data Protection Officer
privacy@fluidpayments.io

Back

Easy flowing payments™

© 2025 Fluidwave Technologies Ltd.
Company registration: HE45392611
Apostolou Andrea St, Hyper Tower
Office 101 • 4007 Limassol
Cyprus

Made with ♥

Product

Features

FAQ

Resources

Company

News

Contact

Legal

Easy flowing payments™

© 2025 Fluidwave Technologies Ltd.
Company registration: HE45392611
Apostolou Andrea St, Hyper Tower
Office 101 • 4007 Limassol
Cyprus

Made with ♥

Product

Features

FAQ

Resources

Company

News

Contact

Legal

Easy flowing payments™

© 2025 Fluidwave Technologies Ltd.
Company registration: HE45392611
Apostolou Andrea St, Hyper Tower
Office 101 • 4007 Limassol
Cyprus

Made with ♥

Product

Features

FAQ

Resources

Company

News

Contact

Legal