Controller–processor terms for personal data processed in connection with WalletCore Services.
This DPA forms part of the Terms when WalletCore processes personal data on your behalf in providing the Services. Capitalized terms not defined here have the meaning in the Terms or applicable data protection laws.
You are the controller and WalletCore is the processor with respect to personal data you submit to the Services for processing on your behalf. Where WalletCore determines purposes and means (e.g., for security monitoring), WalletCore acts as a controller as described in the Privacy Notice.
We process personal data only to provide and improve the Services, perform our obligations, and comply with law. The subject matter, duration, categories of data subjects, and types of personal data depend on your use and are further described in documentation.
We maintain technical and organizational measures appropriate to risk, including encryption in transit, access controls, monitoring, and secure development practices. You are responsible for configuring and using the Services in a secure manner.
We may engage sub‑processors to support the Services. We require comparable obligations and remain responsible for their performance. We will make a list of current sub‑processors available and provide notice of changes where practicable.
Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other mechanisms permitted by law. Supplemental measures may be applied based on transfer impact assessments.
We will notify you without undue delay after becoming aware of a security incident affecting personal data we process for you, and provide information reasonably necessary to help you meet legal obligations, subject to confidentiality and law enforcement constraints.
Taking into account the nature of processing, we will provide reasonable assistance in responding to data subject requests (access, deletion, etc.) directed to you, by providing tools or information available through the Services.
Upon reasonable notice and subject to confidentiality, we will make available information necessary to demonstrate compliance with this DPA and applicable law, including third‑party audit reports where available, or other mutually agreed means.
We will reasonably cooperate with competent supervisory authorities regarding the Services, including by responding to lawful inquiries and facilitating audits where required by law, subject to confidentiality, security, and legal privilege protections.
Upon termination of the Services, we will delete or return personal data processed on your behalf within a reasonable period, unless retention is required by law. Deletion may occur via secure erasure or cryptographic deletion.
This DPA remains in effect for as long as we process personal data on your behalf under the Terms. Termination follows the Terms, without prejudice to obligations which by their nature survive.
Where required, the Controller–Processor Standard Contractual Clauses are incorporated by reference, with WalletCore as the data importer and you as the data exporter, subject to the appendices describing technical and organizational measures, sub‑processors, and transfer details.
For DPA inquiries, contact us via the privacy channels listed in the Privacy Notice and reference your account identifier.
