Data Processing Acknowledgment Form
Download TemplateThis Data Processing Acknowledgment Form ("Form") outlines the obligations of the Controller (the"Merchant") and Processor (Yuno) regarding the processing of Personal Data. The Form is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and relevant local laws in Colombia, Brazil, and Mexico. By signing this Form, the Merchant acknowledges its adherence to Yuno's Privacy Policy, available at https://www.y.uno/privacy , and recognizes Yuno's roles as Processor, Sub-Processor, and, in certain cases, Joint Controller.
1. Purpose and Scope
This Form documents the Merchant's acknowledgment that Yuno may process Personal Data on behalf of the Merchant as outlined in the Main Agreement, which governs the provision of Yuno's payment orchestration services. The scope of this processing includes all necessary activities required for Yuno to deliver the services specified, including the collection, transmission, storage, and use of Personal Data.
2. Roles and Responsibilities
To provide effective services, YUNO may collect the following categories of personal data:
2.1 Processor Role.
Yuno shall process Personal Data on behalf of the Merchant solely as a Processor, acting according to the Merchant's instructions. Yuno will process Personal Data strictly for the purposes defined in the Main Agreement and under the limitations outlined in this Form.
2.2 Sub-Processors.
Yuno is authorized to engage Sub-Processors forcarrying out specific processing activities. The Merchant acknowledges and consents to Yuno's use of Sub-Processors, who will be bound by the same data protection obligations as Yuno.
2.3 Joint Controller.
In certain circumstances, Yuno may act as a Joint Controller alongside the Merchant when it determines the purposes and means of processing Personal Data jointly with the Merchant. In such cases, Yuno and the Merchant shall comply with their respective responsibilities as Joint Controllers under applicable data protection laws.
3. Personal Data Processing Instructions.
Yuno will only process Personal Data based on the documented instructions provided by the Merchant. These instructions are specified in this Form and the Main Agreement and shall comply with GDPR and other applicable laws. The Merchant is responsible for ensuring that Yuno's processing of Personal Data is lawful and that all necessary consents from Data Subjects have been obtained.
4. Types of Personal Data and Categories of Data Subjects.
Yuno may process the following types of Personal Data as part of its services: (i) Full names, (ii) Contact information (email addresses, phone numbers), (iii) Payment details (credit card information, bank account numbers), (iv) Transaction details, (v) IP addresses and device identifiers. The Merchant confirms that it has obtained all required consents from Data Subjects for Yuno to process this Personal Data.
5. Data Security and Confidentiality.
Yuno shall implement appropriate technical and organizational measures to ensure the security of Personal Data, as specified in Yuno's Privacy Policy. These measures include, but are not limited to, the following:
- Encryption of Personal Data during transmission and storage.
- Access control mechanisms that restrict access to authorized personnel only.
- Regular security assessments to ensure ongoing protection of Personal Data.
- Incident response plans to address any security breaches effectively.
Yuno's personnel who have access to Personal Data are bound by strict confidentiality obligations and are prohibited from disclosing Personal Data to unauthorized third parties.
6. International Data Transfers.
The Merchant acknowledges that Yuno may transfer Personal Data to jurisdictions outside the European Economic Area (EEA), including but not limited to Colombia, Brazil, Mexico, and the United States. Yuno shall ensure that appropriate safeguards, such as Standard Contractual Clauses, are in place for all international data transfers in compliance with GDPR and applicable local laws.
Yuno will only transfer Personal Data outside the country of origin if it is necessary for the provision of services, and adequate data protection measures are applied.
7. Data Breach Notification.
In the event of a data breach involving personal data processed on behalf of the merchant, Yuno will notify the merchant immediately. Yuno will provide all necessary information to assist the Merchant in fulfilling its legal obligations, including reporting to the relevant data protection authority and notifying affected Data Subjects, in compliance with GDPR and other applicable regulations. Yuno will also take the necessary steps to mitigate any damage resulting from the breach and prevent future occurrences.
8. Limitation of Liability.
Yuno's liability under this Form shall be governed by the provisions of the Main Agreement. Yuno shall not be held responsible for any unauthorized actions taken by the Merchant that result in a data breach or unauthorized disclosure of Personal Data. The Merchant agrees that Yuno's liability related to data protection issues shall be limited as outlined in the Main Agreement, except where prohibited by applicable law.
Talk with one of our payment experts
Explore how Yuno's innovative payment orchestration solutions can help you increase approval rates, reduce costs, seamlessly integrate over 1,000 global and local payment methods, and simplify payment management.
Yuno is proudly certified to the highest industry standards, ensuring that data is handled with the utmost security and compliance. Its certifications include ISO 27001 and ISO 27701 for information security and privacy management, GDPR compliance for data protection, PCI DSS for secure payment processing, SOC 2 Type 2 for service organization controls, and recognition as a Visa Service provider. These certifications demonstrate Yuno's commitment to delivering trusted and secure services for businesses worldwide.
