Last Updated: March 7, 2026
These Data Processing Terms ("DPA") supplement and are incorporated into the Reseller Terms of Service and apply to the processing of personal data in the context of the reseller relationship between Reseller and CRYPTD.TO ("Company"). To the extent required by applicable data protection law, including the General Data Protection Regulation (GDPR), the Company acts as a data controller, and Reseller may act as a data processor or joint controller.
"Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable data protection laws.
"Data Subject" means the individual to whom personal data relates.
"Processing" means any operation performed on personal data, including collection, recording, organization, structuring, storage, and transmission.
With respect to the processing of customer personal data, the Company determines the purposes and means of processing, thereby acting as a controller. Reseller agrees to process personal data only upon documented instructions from the Company and as necessary to perform Services under the Reseller Agreement.
Reseller shall:
Reseller shall maintain security measures appropriate to the nature of personal data processed, including but not limited to encryption, access controls, security monitoring, and incident response procedures. Reseller shall comply with industry best practices and applicable statutory standards.
Reseller may not authorize sub-processors or further disclose personal data to third parties without prior written authorization from the Company. Any authorized sub-processors shall be bound by equivalent confidentiality and security obligations.
The Company reserves the right to audit, inspect, and verify Reseller's compliance with data protection obligations at any time. Reseller shall provide the Company with evidence of compliance upon request.
Reseller shall cooperate with the Company in enabling compliance with data subject rights, including rights of access, correction, erasure, and portability. Reseller shall provide the Company with all necessary assistance to respond to such requests within statutory timeframes.
Personal data may be transferred across international borders. Reseller acknowledges that such transfers may require appropriate legal mechanisms, including standard contractual clauses or adequacy decisions. The Company shall determine the legal basis for such transfers.
Upon discovery of a data breach, security incident, or unauthorized processing, Reseller shall immediately notify the Company. Reseller shall provide full cooperation in investigating the incident and shall not disclose the breach to third parties without Company authorization, except as required by law.
Upon termination of the Reseller Agreement, Reseller shall immediately cease processing personal data and shall delete or securely return all personal data to the Company within thirty (30) days, unless otherwise instructed. Reseller shall provide written certification of deletion or return.
This DPA shall be governed by the laws of the Republic of Seychelles and subject to the exclusive jurisdiction of Seychellois courts.