DPA

At Advisoa ApS, operator of the Paypilot platform and landing pages on https://advisoa.dk, including all other domains owned by the company, we believe in being transparent about how we collect and use data. This DPA provides information about how and when we processors and similar tracking technologies on our website, platform, and landing pages.

Operating company:

Advisoa ApS
Kronprinsensgade 6B, 1st floor
1114 Copenhagen C
Company ID: 41405554

E-mail: info@advisoa.dk
Phone: +45 93 89 40 56

This Data Processing Agreement ("Agreement") is entered into by:

Advisoa ApS ("Processor"), located at
Kronprinsensgade 6B, 1st floor
1114 Copenhagen C
Company ID: 41405554

and

Merchant ("Controller"), the entity accepting this Agreement electronically through the sign-up process on the Paypilot platform.

- The Controller engages the Processor to provide the Paypilot platform, a platform connecting multiple webshops, gateways, providers, acquirers, third-party services, bank services and bookkeeping software for merchants.
- The Processor acts as a data processor on behalf of the Controller, processing personal data as described in this Agreement.
- The parties agree to comply with all applicable data protection laws, including the General Data Protection Regulation (GDPR).
- This Agreement is accepted by the Controller electronically through the Paypilot platform's sign-up process and forms part of the overall terms of service.

"Personal Data" refers to any information relating to an identified or identifiable natural person.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means.

The Processor shall process Personal Data on behalf of the Controller solely for the purpose of providing the PayPilot platform and related services.

The categories of Personal Data to be processed include sales data, transaction data, customer data, masked card information, product catalogues, bank transactions, support tickets, and other data as described in the privacy policy.

The duration of processing shall be for the term of the Controller's use of the Paypilot platform.

- The Processor shall process Personal Data only on documented instructions from the Controller, including the terms of this Agreement.
- The Processor shall ensure that its personnel authorized to process Personal Data are committed to confidentiality.
- The Processor shall implement appropriate technical and organizational measures to ensure the security of Personal Data, including encryption, access controls, and regular audits.
- The Processor shall not engage sub-processors without the Controller's written consent and shall ensure that any sub-processors are contractually bound to similar data protection obligations.
- The Processor shall assist the Controller with data subject rights requests, data breach notifications, and other compliance obligations under GDPR.

- The Controller shall provide clear instructions for processing and ensure that processing is lawful.
- The Controller shall inform the Processor of any changes to Personal Data or processing activities.
- The Controller shall include Paypilot as a sub-processor in its own terms or privacy policy and ensure that customers are aware of the data shared with Paypilot.

The Processor shall implement robust encryption methods, access controls, firewalls, and regular audits to protect Personal Data, including end-to-end encryption for customer data and other personal information, fully compliant with GDPR.

The Processor shall not engage sub-processors without the Controller's written consent and shall ensure that any sub-processors are contractually bound to similar data protection obligations.

The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach and shall cooperate with the Controller in addressing the breach.

The Controller shall have the right to conduct audits to verify the Processor's compliance with this Agreement.

Upon termination of this Agreement, the Processor shall delete or return all Personal Data to the Controller, unless required to retain it by applicable law.

This Agreement shall be governed by the laws of Denmark and shall be subject to the exclusive jurisdiction of the courts of Copenhagen.

This Agreement constitutes the entire agreement between the parties concerning the processing of Personal Data and supersedes all prior agreements.

By accepting the terms of service during the Paypilot platform's sign-up process, the Controller agrees to be bound by the terms of this Agreement.