This website use cookies to help you have a superior and more admissible browsing experience on this website. Cookie Policy

mark_chat_unread
close
Hi, I’m Bridgie, I’ll help you reach the right team. Please select an option below.
Need help in payments/refunds Sell through Transact Bridge Interested in a partnership Speak with the Business Team Want to ask something else?
Loading...
Data Processing Agreement
Consumer Terms of Service Merchant Services Agreement Acceptable Use Policy Data Processing Agreement

Data Processing Agreement (DPA)

Last Updated: April 1, 2026

This Data Processing Agreement (“DPA”) forms part of the agreement between TransactBridge (“TransactBridge”, “we”, “our”, or “us”) and the merchant, business user, or partner using TransactBridge services (“Merchant”, “you”, or “your”).

This DPA governs the processing of Personal Data by TransactBridge on behalf of Merchants in connection with the provision of TransactBridge’s payment processing and platform services.

This DPA applies where TransactBridge processes Personal Data subject to applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and other applicable privacy laws.

1. Definitions

For the purposes of this DPA:

“Applicable Data Protection Laws” means all applicable laws relating to the protection of personal data, including the GDPR, UK GDPR, and other relevant data protection regulations.

“Personal Data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

“Controller” means the entity that determines the purposes and means of processing Personal Data.

“Processor” means the entity that processes Personal Data on behalf of a Controller.

“Data Subject” means the individual to whom the Personal Data relates.

2. Roles of the Parties

In relation to Personal Data processed under this Agreement:

  • The Merchant acts as the Data Controller for Personal Data relating to its customers or users.
  • TransactBridge acts as a Data Processor when processing such Personal Data on behalf of the Merchant for the purpose of providing payment processing and related services.

In certain circumstances where TransactBridge determines the purposes and means of processing (for example fraud monitoring, compliance obligations, or regulatory reporting), TransactBridge may act as an independent Data Controller.

3. Scope and Purpose of Processing

TransactBridge will process Personal Data solely for the purpose of providing the Services, including but not limited to:

  • Payment transaction processing
  • Payment authorization and settlement
  • Fraud detection and prevention
  • Risk monitoring and compliance checks
  • Customer support and dispute handling
  • Regulatory and legal compliance

The categories of Personal Data processed may include:

  • Name
  • Email address
  • Billing information
  • Payment details
  • Transaction information
  • Device or technical identifiers

The categories of Data Subjects may include:

  • Merchant customers
  • platform users
  • payment recipients
  • merchant representatives

4. Processing Instructions

TransactBridge shall process Personal Data only on documented instructions from the Merchant unless processing is required by applicable law.

Where processing is required by law, TransactBridge will inform the Merchant of such legal requirement unless prohibited from doing so.

5. Confidentiality

TransactBridge ensures that personnel authorized to process Personal Data are subject to confidentiality obligations or appropriate statutory duties of confidentiality.

Access to Personal Data is restricted to personnel who require such access to perform their duties.

6. Security Measures

TransactBridge implements appropriate technical and organizational measures designed to protect Personal Data against:

  • unauthorized access
  • accidental loss or destruction
  • alteration or disclosure
  • unlawful processing

Security measures may include:

  • encryption of sensitive data
  • secure infrastructure and network protection
  • access controls and authentication mechanisms
  • security monitoring and incident detection systems
  • regular security reviews and audits

7. Subprocessors

TransactBridge may engage third-party service providers (“Subprocessors”) to assist in providing the Services.

Such subprocessors may include providers of:

  • cloud hosting infrastructure
  • payment network connectivity
  • fraud prevention tools
  • customer support systems

TransactBridge will ensure that subprocessors are subject to data protection obligations consistent with this DPA.

A current list of subprocessors may be made available upon request or published on the TransactBridge website.

8. International Data Transfers

Personal Data may be transferred to and processed in countries outside the Data Subject’s country of residence.

Where such transfers occur, TransactBridge will ensure appropriate safeguards are implemented, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • adequacy decisions issued by relevant authorities
  • other lawful transfer mechanisms permitted under applicable data protection laws

9. Data Subject Rights

TransactBridge will provide reasonable assistance to Merchants in responding to requests from Data Subjects exercising their rights under applicable data protection laws.

These rights may include:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object to processing

Where TransactBridge receives a request directly from a Data Subject relating to data processed on behalf of a Merchant, TransactBridge may refer the request to the Merchant where appropriate.

10. Data Breach Notification

In the event of a Personal Data Breach, TransactBridge will notify the Merchant without undue delay after becoming aware of the breach where it affects Personal Data processed on behalf of the Merchant.

Such notification will include, where reasonably available:

  • the nature of the breach
  • categories of affected data
  • potential consequences
  • measures taken or proposed to address the breach

11. Data Retention and Deletion

TransactBridge will retain Personal Data only for as long as necessary to provide the Services and comply with legal or regulatory obligations.

Upon termination of the Services, TransactBridge will delete or anonymize Personal Data processed on behalf of the Merchant unless retention is required by applicable law or regulatory obligations.

12. Audit and Compliance

Where required by applicable law, TransactBridge may provide information reasonably necessary to demonstrate compliance with this DPA.

Such information may include:

  • security documentation
  • compliance certifications
  • audit summaries or security reports

Audit requests must be reasonable in scope and subject to confidentiality obligations.

13. Liability

Each party’s liability under this DPA shall be subject to the limitations of liability set forth in the applicable Terms of Service or Merchant Agreement between the parties.

14. Changes to this DPA

TransactBridge may update this Data Processing Agreement from time to time to reflect changes in legal requirements, regulatory guidance, or operational practices.

Updated versions will be published on the TransactBridge website with an updated “Last Updated” date.

15. Contact Information

For questions regarding this Data Processing Agreement or data protection practices, please contact:

Email: compliance@transactbridge.com