This Data Processing Agreement ("DPA") forms part of the agreement between Loyaltify OÜ ("Processor") and the customer ("Controller") under the GDPR. It applies when Loyaltify processes personal data on behalf of the Controller in connection with the Services.
The Controller determines the purposes and means of processing personal data. Loyaltify processes personal data solely on the Controller’s documented instructions and as necessary to provide the Services.
Loyaltify ensures that persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Loyaltify implements appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in accordance with GDPR Article 32.
The Controller authorizes Loyaltify to engage sub-processors to help provide the Services. Sub-processors may include:
Loyaltify remains responsible for the performance of its sub-processors’ obligations to the extent required by applicable law.
Loyaltify will assist the Controller, where technically feasible, in fulfilling data subject requests (such as access, deletion, or correction) and in complying with related GDPR obligations.
Personal data is primarily processed within the EU. Where personal data is processed outside the EU/EEA, Loyaltify will implement appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, in accordance with GDPR requirements.
Upon termination of the Services, Loyaltify will delete or return personal data to the Controller, unless retention is required by applicable law.
For DPA-related inquiries, contact dpo@loyaltify.io.