Company logo
CryptoTax Logo

Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement ("DPA") is entered into by and between DipSway OÜ ("Processor") and the Client ("Controller") to outline the roles, responsibilities, and terms under which personal data is processed in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

This DPA is an integral part of the Terms of Use and applies to all services provided by DipSway OÜ involving the processing of personal data.

2. Definitions

  • Controller: The entity that determines the purposes and means of the processing of personal data.
  • Processor: DipSway OÜ, which processes personal data on behalf of the Controller.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, such as collection, storage, or analysis.

3. Roles and Responsibilities

3.1. Controller Responsibilities

  • Ensure that all personal data provided to the Processor has been collected and shared in compliance with applicable data protection laws.
  • Define the scope, purpose, and lawful basis for processing personal data.
  • Provide clear and lawful instructions for data processing activities.

3.2. Processor Responsibilities

  • Process personal data solely in accordance with the Controller's instructions.
  • Implement appropriate technical and organizational measures to safeguard personal data.
  • Assist the Controller in fulfilling its obligations under data protection laws, including responding to data subject requests.

4. Data Processing Details

Scope: Processing of personal data for the purposes of tracking cryptocurrency wallets, calculating taxes, and providing administrative dashboards.

Categories of Data: Wallet addresses, transaction details, cryptocurrency balances, and personal identification information (as applicable).

Retention Period: Personal data will be retained according to the Controller's instructions and applicable legal requirements.

5. Security Measures

The Processor implements appropriate technical and organizational measures to protect personal data, including:

  • End-to-end encryption for sensitive data.
  • Secure API integrations with third-party providers.
  • Access controls and authentication protocols for authorized personnel.
  • Regular security audits and monitoring.

6. Data Subject Rights

The Processor shall assist the Controller in responding to data subject requests, including:

  • Requests for access, rectification, or deletion of personal data.
  • Requests for data portability.
  • Objections to processing or requests to restrict processing activities.

7. Subprocessors

The Processor may engage subprocessors to perform specific data processing activities. Current subprocessors include:

  • Vezgo Inc. for data aggregation and cryptocurrency wallet tracking.
  • Cloud storage providers for secure data storage.

The Processor will notify the Controller of any changes to subprocessors and ensure that subprocessors comply with the terms of this DPA.

8. Data Breach Notification

In the event of a data breach, the Processor shall notify the Controller without undue delay and provide details of the breach, including:

  • The nature of the breach.
  • Potential impact on personal data.
  • Measures taken to mitigate the breach and prevent future occurrences.

9. Term and Termination

This DPA remains in effect for the duration of the Controller’s use of the Processor’s services. Upon termination, the Processor shall return or securely delete all personal data as instructed by the Controller, unless retention is required by law.

10. Governing Law

This DPA is governed by the laws of the Republic of Estonia. Any disputes shall be resolved in the courts of Estonia.

11. Contact Information

For inquiries regarding this DPA, please contact:

Email: support@dipsway.com

Address: Tornimäe 3 // 5 // 7-10145, 10145 Tallinn