Last updated: 6/3/2026
This Data Processing Agreement ("DPA") governs the processing of Personal Data by Esvalo ("Data Processor") on behalf of the customer ("Data Controller") in connection with the provision of Esvalo POS services.
The Processor shall only process Personal Data on behalf of and in accordance with documented instructions from the Controller. If the Processor is required by law to process Personal Data for any other purpose, the Processor will inform the Controller of this requirement before processing, unless that law prohibits such information on important grounds of public interest.
The Controller authorizes the Processor to engage sub-processors to process Personal Data. The Processor will inform the Controller of any intended changes concerning the addition or replacement of other sub-processors, thereby giving the Controller the opportunity to object to such changes.
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing.
At the choice of the Controller, the Processor shall delete or return all the Personal Data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data.