Effective Date: 02/09/2025
Version: 1.0
This Data Processing Agreement (“Agreement”) forms part of the Terms of Service between the merchant (“Controller”) and Checkypro (“Processor”) and governs the processing of personal data by Processor on behalf of Controller in connection with the use of the Checkypro platform.
Controller: The merchant using the Checkypro platform.
Processor: Checkypro, acting on behalf of the Controller.
Data Subject: The end-customer of the merchant whose personal data is being processed.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing, Data Breach, and other terms shall have the meanings given in the General Data Protection Regulation (EU 2016/679) (“GDPR”).
This Agreement applies solely to the processing of Personal Data relating to end-customers by Checkypro on behalf of the merchant, including data transmitted through:
The Checkypro hosted checkout
Shopify or other e-commerce integrations
Order metadata used for fraud detection, chargeback support, or routing to acquirers
This DPA does not cover merchant data submitted during onboarding — that is governed by our Privacy Policy.
Checkypro will process Personal Data solely for the following purposes:
Enabling order completion and payment routing
Fraud detection and chargeback management
Transaction monitoring and reporting
Supporting onboarding and underwriting reviews by licensed acquirer partners (e.g. Rapyd, Payabl)
The processing will continue for the duration of the merchant’s use of Checkypro or until deletion is requested by the Controller.
The following data types may be processed on behalf of the Controller:
Customer name, email, phone number
Shipping and billing address
Purchased products and pricing
Order status and tracking
Refund and chargeback data
IP address, browser, and device metadata
Checkypro agrees to:
Process Personal Data only on documented instructions from the Controller
Ensure that persons authorized to process the data are subject to confidentiality obligations
Implement appropriate technical and organizational measures (TOMs) to ensure a level of security appropriate to the risk
Assist the Controller in fulfilling its obligations with respect to data subject rights
Notify the Controller without undue delay in case of a Personal Data Breach
Provide all necessary information to demonstrate compliance with this DPA and GDPR
At the end of processing, delete or return all Personal Data unless retention is required by law
Checkypro may engage subprocessors to support service delivery, including cloud infrastructure, analytics, fraud engines, and customer support tools.
A current list of subprocessors will be made available upon request
Controller may object to the use of a new subprocessor if they provide legitimate grounds within 10 days of notification
All subprocessors are bound by equivalent data protection obligations
Where Personal Data is transferred outside the EEA, Checkypro will ensure that such transfers are subject to appropriate safeguards, including EU Standard Contractual Clauses (SCCs) or other lawful mechanisms under GDPR.
Upon reasonable notice, Controller may request documentation or security audit reports to demonstrate Checkypro’s compliance with this Agreement. On-site audits may be conducted no more than once per year, and must be limited to what is necessary.
Each party’s liability under this DPA is subject to the limitations set out in the Terms of Service, except where prohibited by applicable law.
This Agreement is governed by Dutch law, and any disputes shall be resolved by the courts of Amsterdam, unless otherwise required by mandatory EU data protection law.
For questions about data processing or this Agreement, contact:
info@checkypro.com