Get Started
Home / Data Processing Agreement

Data Processing Agreement

Effective date: April 1, 2025
Contact DPO / Privacy

1. Introduction

This Data Processing Agreement (“DPA”) supplements BiglyPay’s Terms of Service and governs the processing of personal data where the merchant acts as the data controller (“Controller”) and BiglyPay acts as the data processor (“Processor”). BiglyPay is a non-custodial crypto payment monitoring platform: funds settle directly to wallets controlled by the Controller.

Because we are non-custodial, we process only the minimum personal data necessary for service delivery, security, and legal compliance.

2. Definitions

  • Personal Data: Information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data (collection, storage, use, etc.).
  • Subprocessor: Third party engaged by the Processor to process Personal Data for the Service.

3. Scope & Purpose

Processor shall process Personal Data solely to provide the Service, which may include:

  • Payment detection, monitoring, and reconciliation (transaction hashes, timestamps, amounts, token/chain identifiers).
  • Operational telemetry and security logging (e.g., IP, user agent, error diagnostics).
  • Communications regarding incidents, service updates, and support.

Processor will not process Personal Data for purposes other than those documented by Controller.

4. Processor Obligations

  • Instructions. Process Personal Data only on documented instructions from Controller.
  • Confidentiality. Ensure personnel are bound by confidentiality obligations.
  • Security. Implement appropriate technical and organizational measures (encrypted transport, hardened infrastructure, access controls, monitoring).
  • Assistance. Assist Controller with security, breach notifications, DPIAs, and consultations as reasonably required.
  • Records. Maintain records of processing activities as required by law.

5. Subprocessors

Processor may engage Subprocessors for infrastructure, analytics, logging, and related services, subject to written agreements imposing obligations no less protective than this DPA. Processor remains responsible for Subprocessor performance.

6. Security Incidents

Upon becoming aware of a Personal Data breach, Processor shall notify Controller without undue delay, providing information reasonably available to assist Controller in meeting its obligations, and will take appropriate remediation steps.

7. Retention & Deletion

Processor retains Personal Data only for as long as necessary to provide the Service and comply with legal obligations. Upon termination or at Controller’s written request, Processor will delete or return Personal Data unless retention is required by law.

8. Audits & Inspections

Subject to reasonable notice, confidentiality, and frequency limits, Controller may audit Processor’s compliance with this DPA (including via independent third-party reports or summaries reasonably made available by Processor).

9. Data Subject Requests

Controller is responsible for responding to data subject requests. Processor will reasonably assist Controller by providing available information and tools relevant to the request and the Service.

10. International Transfers

Where Personal Data is transferred internationally, Processor will implement appropriate safeguards (e.g., contractual clauses) consistent with applicable laws.

11. Governing Law & Jurisdiction

This DPA is governed by the laws of the United Arab Emirates, as applicable to BiglyPay FZCO. Courts located in the UAE will have exclusive jurisdiction over disputes arising out of or relating to this DPA.

12. Contact

BiglyPay FZCO
Dubai, United Arab Emirates
Email: support@biglypay.com
Phone/WhatsApp: +971-50-783-4878